All the latest UK technology news, reviews and analysis


Microsoft rushes to fix Internet Explorer zero-day flaw

14 Jan 2013
Internet Explorer

Microsoft has announced plans to release an out-of-cycle update to fix a critical zero-day vulnerability in its Internet Explorer web browser.

The company's Trustworthy Computing (TwC) division announced it would be releasing a patch designed to fix the flaw in a security bulletin on Sunday.

The flaw was originally revealed in a security bulletin earlier in December. The flaw relates to a number of older Internet Explorer versions and is dangerous as it leaves users open to a variety of cyber attacks.

"The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated," read TwC's release.

"The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."

Despite its possible uses, Microsoft was quick to add the flaw's impact on end users has remained minimal.

"At this time, customer impact has been limited and only customers on Internet Explorer 6-8 are affected. Internet Explorer 9-10 are not affected by this issue," Microsoft Trustworthy Computing group manager for response communications, Dustin Childs, told V3.

The zero day vulnerability is one of many to have been patched this January. Prior to it Oracle released a similar patch for a vulnerability in its Java software.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

IT curriculum poll

With coding now compulsory in schools, how important are digital skills for the next generation of school leavers?
63%
8%
20%
9%

Popular Threads

Powered by Disqus
V3 Security Summit

V3 Security Summit Day 2: Botnet, skills and BYOD intelligence incoming

Keep V3 bookmarked for news updates on all the key security concerns and topics facing businesses

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Front End Web Developer - London - Salary 35-45K - E-Learning

Front End Web Developer - London - Salary £35-£45K...

Business Analyst - credit cards

Business Analysts / Change Analysts required - credit...

Perl, Ruby or Python Developer - 45K-55K - Southampton

Perl, Ruby or Python Developer - £45K-£55K - Southampton...

Senior PHP Developer - London - 45K-55K + Benefits

Senior PHP Developer - London - £45K-£55K + Benefits...
To send to more than one email address, simply separate each address with a comma.