Microsoft gets its fix ready following attacks on various organisations
A zero-day flaw in Internet Explorer that has been used in various nefarious attacks is to be patched on Tuesday, alongside a host of other bugs in Microsoft software.
One of the eight bulletins addresses Internet Explorer and the zero-day, which had been used in attacks against Japanese entities, the Taiwanese government and various financial institutions. Exploit code was made publicly available across the Metasploit framework and on various public websites.
The flaw affects all versions of Internet Explorer from 6 to 11. “Fortunately, attack volume using this vulnerability has continued to be low and this has given Microsoft the opportunity to do a full test cycle on all possible combinations of operating systems and target sites,” said Qualys CTO, Wolfgang Kandek.
Three other bulletins are critical, affecting all versions of Windows from XP trhough to Windows 8 and RT.
“After the IE issue, the next patching priorities are Bulletins 2 and 4, which are both critical. Both bulletins require restart and both affect multiple versions of the Windows OS,” said Ross Barrett, senior manager of security engineering at Rapid7
“Number 3 relates to .NET and it’s hard to gauge how important this fix will really be in practical terms until more details arrive in next week’s official Patch Tuesday release.”
The remaining four advisories are ranked important. These cover Microsoft Office, Windows Sharepoint Server and Silverlight.
Adobe, which has just reported a serious hack of its systems affecting nearly three million of its customers, announced its plans to release updates of Adobe Reader XI and Acrobat XI on Windows, addressing a critical vulnerability that appears to have remained unused in the cyber crime community.
Are you a security expert? Try our quiz!