All the latest UK technology news, reviews and analysis


Microsoft rushes to fix Internet Explorer zero-day flaw

14 Jan 2013
Internet Explorer

Microsoft has announced plans to release an out-of-cycle update to fix a critical zero-day vulnerability in its Internet Explorer web browser.

The company's Trustworthy Computing (TwC) division announced it would be releasing a patch designed to fix the flaw in a security bulletin on Sunday.

The flaw was originally revealed in a security bulletin earlier in December. The flaw relates to a number of older Internet Explorer versions and is dangerous as it leaves users open to a variety of cyber attacks.

"The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated," read TwC's release.

"The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."

Despite its possible uses, Microsoft was quick to add the flaw's impact on end users has remained minimal.

"At this time, customer impact has been limited and only customers on Internet Explorer 6-8 are affected. Internet Explorer 9-10 are not affected by this issue," Microsoft Trustworthy Computing group manager for response communications, Dustin Childs, told V3.

The zero day vulnerability is one of many to have been patched this January. Prior to it Oracle released a similar patch for a vulnerability in its Java software.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

BYOD vs CYOD vs BYOC poll

Which approach is your firm taking to managing employees' mobile devices?
23%
14%
4%
17%
30%
12%

Popular Threads

Powered by Disqus
Sony Xperia Z2 smartphone running Android KitKat 4.4

Sony Xperia Z2 video

We test out the latest Android KitKat flagship from Sony

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv33

Data protection: the key challenges

Deduplication is a foundational technology for efficient backup and recovery

rdc2

iPad makes its mark in the enterprise

The iPad can become a supercharged unified communications endpoint, allowing users to enhance their productivity

Developer (Edinburgh, Glasgow, or Dundee)

Role: Developer Location: Edinburgh, Glasgow or Dundee...

SQL BI Developer

Role: SQL BI Developer Location: Edinburgh Salary...

.NET Developer/Solutions Architect

Role: .NET Developer/Solutions Architect Location...

Software Development Engineer

Develop: Customise: Configure. Maximise your technical...
To send to more than one email address, simply separate each address with a comma.