Microsoft to Fix Internet Explorer Security Hole on Patch Tuesday
Microsoft is planning to release six security bulletins for December's Patch Tuesday, including one to cover the recently disclosed zero-day vulnerability affecting Internet Explorer.
According to the prerelease advisory, three of the bulletins are rated critical. The remaining bulletins are rated important. All told, Microsoft will address 12 vulnerabilities in Windows, Internet Explorer and Microsoft Office products.
The Internet Explorer vulnerability, discussed by Microsoft in a security
advisory, affects Internet Explorer 6 and 7. The vulnerability is an
invalid pointer reference of IE. In certain situations, a
"The IE update maps to bulletin No. 4 in the ANS and will be at the top of our deployment priority list," blogged Jerry Bryant, security program manager for Microsoft Security Response Center. "The other critical update affecting Windows (bulletin No. 1) will have a lower Exploitability Index rating, so while the impact is higher with a critical severity rating, the lower risk will drop the deployment priority down a little. The final critical update affecting Microsoft [Office] Project (bulletin No. 3) is only critical for Project 2000."
The updates are scheduled to become available Dec. 8.