[ insider_reports_insider ]
Microsoft Patches Crack Down On Drive-Bys
David Utter
Staff Writer
2008-04-09
 Insider Reports RSS Feed
Malicious websites could exploit unpatched components in Internet Explorer and other Microsoft technologies.
 | | Microsoft Patches Crack Down On Drive-Bys |  |
Patch Tuesday arrived for Microsoft's customers this week, bringing along fixes for several critical issues. Critical flaws leave a system open for remote code execution, an undesirable condition for any computer user.
The security advisory from Microsoft revealed five Critical and three Important bulletins being made available. Internet Explorer in particular needed attention, as its cumulative update fixed a problem that could have been triggered simply by visiting a malicious web page.
Update MS08-024 corrected a problem in IE versions 5.01, 6 SP1, and 7. Security advisory tracker Secunia privately reported the Data Stream Handling Memory Corruption Vulnerability to Microsoft.
"When Internet Explorer processes specially crafted data streams, Internet Explorer may corrupt system memory in such a way that an attacker could execute arbitrary code," Microsoft said of the cause of the vulnerability.
Users logged in with admin rights would be affected worst by an exploit. Arbitrary code execution happening with the local user's rights on an admin machine leaves any attached networks equally likely to follow in being exploited.
The Internet Explorer 8 beta was not listed as vulnerable to the issue.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
