http://news.cnet.com/8301-27080_3-10411612-245.html By Elinor Mills InSecurity Complex CNet News December 8, 2009 Microsoft released fixes on Tuesday for a critical vulnerabilities in Internet Explorer, including one for which exploit code has been released. Adobe, meanwhile, was scheduled to release a critical update affecting Flash Player and Adobe AIR, following news of exploit code being released for a vulnerability in Illustrator CS3 and CS4 on Windows and Mac last week. Microsoft's regular Patch Tuesday release includes six security bulletins addressing 12 vulnerabilities in IE, Windows, Windows Server, and Office. However, priority should be given to the cumulative IE bulletin, which affects all major Windows versions including Windows 7, IE 6, IE 7, and IE 8. The bulletin fixes five holes that could allow an attacker to remotely take control over a system in drive-by download attacks. The fix also addresses a problem with ActiveX control built with Microsoft Active Template Library (ATL) headers that could allow remote code execution. "Vulnerabilities in IE are generally pretty serious because all you have to do is go to a Web page or get referred to one" that has malicious code on it, said Jason Avery, manager of the Digital Vaccine service at Tipping Point. Three of the IE holes were disclosed through Tipping Point's Zero Day Initiative program over the summer, he said. [...] ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.orgReceived on Tue Dec 08 2009 - 23:08:33 PST
This archive was generated by hypermail 2.2.0 : Tue Dec 08 2009 - 23:15:21 PST