Microsoft Released Emergency Security Patches for Internet Explorer
Microsoft released a cumulative Internet Explorer update fixing 10 security holes on March 30, 2010. One of the holes was a drive-by download vulnerability that had already been used in malware attacks. This was the second update released by Microsoft over the three months of 2010, and Redmond was bound to release an out-of-band patch to fix the critical vulnerabilities in Internet Explorer.
The cumulative out-of-band update received a critical rating and fixed one publicly acknowledged vulnerability and nine private vulnerabilities across all versions of Internet Explorer. IE 5.01, IE 6 on Windows clients, IE 6 Service Pack 1, IE 7 and IE 8 on Windows clients are some of the versions of Internet Explorer fixed by the update. However, the update was rated 'moderate' for IE 8 and 'important' for IE 6, both on Windows servers.
The error in IE is caused by an invalid pointer reference within the browser. The browser could access an object after it had been deleted, which leaves room for remote code execution.
Moreover, Microsoft released a security advisory on March 9, 2010, warning that a zero-day exploit existed for Internet Explorer. According to security experts, this flaw was not much different from other flaws Microsoft had addressed previously.
The most critical vulnerabilities might allow remote code execution if a user views a specially crafted web page in Internet Explorer. Users whose accounts are configured with fewer user rights on the system would be less affected than users who run with administrative rights.
Once the victim views the infected website, malware installs automatically on the computer and lets attackers take control of the system or link it to a global botnet.
Andrew Storms, Director of Security Operations at nCircle, said that Microsoft's release of an emergency update a week before the regular updates scheduled for Patch Tuesday indicates the severity of the flaws and attacks.
Thus, Storms suggested that all computer users install the new patches as soon as possible, and that for people who hadn't integrated IE 8, this was the perfect time to consider it, as reported by Channel Register on March 30, 2010.
» SPAMfighter News - 09-04-2010