[ISN] MS to release emergency IE fix on Tuesday

From: InfoSec News <alerts_at_private>
Date: Tue, 30 Mar 2010 00:32:59 -0600 (CST)

By John Leyden 
The Register
29th March 2010

Microsoft has announced plans to release an out-of-sequence patch, 
designed to resolve a zero-day vulnerability in Internet Explorer.

A cumulative update to Internet Explorer (MS10-018) plugs a security 
hole in IE 6 and IE 7 exploit by hackers over recent weeks. The latest 
version of Microsoft's browser - IE 8 - is not vulnerable to the flaw, 
which Microsoft first acknowledged was a problem on 9 March.

The vulnerability involves a flaw in the iepeers.dll library involving 
the handling of invalid values passed to the "setAttribute()" function. 
Exploits create a means to drop malware onto the PCs of victims, 
providing they visit booby-trapped website using vulnerable version of 
IE, as explained in our earlier story here.


Register now for HITBSecConf2010 - Dubai, the premier 
deep-knowledge network security event in the GCC, 
featuring keynote speakers John Viega and Matt Watchinski! 
Received on Mon Mar 29 2010 - 23:32:59 PDT

This archive was generated by hypermail 2.2.0 : Mon Mar 29 2010 - 23:39:54 PDT