IT Security & Network Security News & Reviews - eWeek



IT Security & Network Security News

Microsoft to Fix Internet Explorer Security Hole on Patch Tuesday


By: Brian Prince
2009-12-03
Article Rating:starstarstarstarstar / 2


There are  user comments on this IT Security & Network Security News & Reviews story.


Microsoft is preparing to address 12 security vulnerabilities with December's Patch Tuesday update. Among the critical fixes is a security patch for a zero-day vulnerability affecting Internet Explorer 6 and 7.

Microsoft is planning to release six security bulletins for December's Patch Tuesday, including one to cover the recently disclosed zero-day vulnerability affecting Internet Explorer.

According to the prerelease advisory, three of the bulletins are rated critical. The remaining bulletins are rated important. All told, Microsoft will address 12 vulnerabilities in Windows, Internet Explorer and Microsoft Office products.

The Internet Explorer vulnerability, discussed by Microsoft in a security advisory, affects Internet Explorer 6 and 7. The vulnerability is an invalid pointer reference of IE. In certain situations, a CSS/Style object can be accessed after the object is deleted. In a specially crafted attack, Internet Explorer attempting to access a freed object can lead to running attacker-supplied code, Microsoft warned.

"The IE update maps to bulletin No. 4 in the ANS and will be at the top of our deployment priority list," blogged Jerry Bryant, security program manager for Microsoft Security Response Center. "The other critical update affecting Windows (bulletin No. 1) will have a lower Exploitability Index rating, so while the impact is higher with a critical severity rating, the lower risk will drop the deployment priority down a little. The final critical update affecting Microsoft [Office] Project (bulletin No. 3) is only critical for Project 2000."

The updates are scheduled to become available Dec. 8.







 
 
>>> More IT Security & Network Security News & Reviews Articles          >>> More By Brian Prince
 


FEATURED SPONSOR VIDEOS

Benefits of Workload Optimization

What Smart Companies MUST Learn from Gaming

Advances in Authentication

Vertical Markets Benefit from Workload Optimization

View More Videos

Brought to you by
Advertisement

FEATURED SPONSOR MESSAGE

Microsoft Sponsored Resource Center

Increase Your Microsoft Office 365 Knowledge! Dig inside this suite of cloud-based collaboration tools.

Watch the video >>

Brought to you by

Suggested Related Content:

Articles Labs/How-To Multimedia


Advertisement
Contact Us | About | Advertise | Site Map
eWEEK Quick LInks

Security:
Enterprise Networking
Network Security
Infrastructure Security
How To: Data
Security Watch Blog
Storage:
Data Storage
Cloud Storage
Storage Virtualization
Network Access Storage
How To: Storage
Storage Station Blog
Computing:
Apple OSX
Linux Systems
Windows 7
Managed Print Services
Computer Reviews
Microsoft Watch Blog
Google Watch Blog
Communications:
VoIP Solutions
Wireless Technology
Messaging Software
Web Services
Apps & Development:
Application Development
Enterprise Apps
Search Engines
Database Software
Web 2.0
CIOs

Vertical Markets:
Federal Government IT
Health Care IT
Finance IT
Mid-Market
Channel and VARs
Careers Blog
More eWeek Links:
Green Computing Center
Tech Knowledge Center
Tech Newsletters
Tech RSS Feeds
White Papers
Tech Videos
Magazine Subscriptions
Enterprise Websites:
ZDE Home
eWeek
Baseline Magazine
Channel Insider
CIO Insight
eSeminars and Events
Web Buyers Guide
Developer Websites:
DevSource C# and .Net
Dev Shed
DeveloperShed
ASP Free
SEO Chat
Codewalkers
Tutorialized
Scripts.com
Dev Mechanic
Dev Articles
Web Hosters
Dev Hardware
Technology Websites:
Device Forge
Desktop Linux
Linux Devices
Windows for Devices
PDF Zone
Linux Watch
TechDirect
Windows Migration
Smarter Technology

Use of this site is governed by our Terms of Use and Privacy Policy
Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
ZDE Cluster 5
 
Close this advertisement