Contact Us

Login

Site Map
  :: ABOUT  EVOLVE » News ::     Search  
News

     

Tuesday, March 30, 2010
Microsoft To Release Out-Of-Band Patch

Microsoft (NSDQ:MSFT) on Tuesday (3/30/10) will issue its second out-of-band security patch of the year to deal with a zero day vulnerability affecting Internet Explorer 6 and Internet Explorer 7 that's been used in targeted attacks for the past several weeks.

Security update MS10-018 will patch the IE 6 and IE 7 vulnerability, which is caused by an invalid pointer reference within IE that can be accessed after an object is deleted, paving the way for hackers to carry out remote code execution attacks.

Update MS10-018 also fixes nine additional vulnerabilities, some of which affect IE 8, Microsoft said in a Monday blog post. Microsoft says these nine flaws "were responsibly disclosed" and that it isn't aware of any active attacks that are targeting them.

Microsoft first warned users of the zero day on March 9 and said at the time that its impact was limited to "targeted" attacks. But the subsequent appearance of exploit code forced Microsoft's hand and necessitated the out-of-band patch.

In one attack outlined by McAfee Labs, unsuspecting Web surfers that visited the domain topix21century.com were served up a drive-by download of a Trojan named notes.exe, which would them create two copies of itself in the Windows temp directory and generate a .DLL file that, when injected into IE, would give attackers remote access.

Out-of-band patches are rare, but Microsoft in January released one to deal with a major IE vulnerability that was used by hackers in China in attacks against Google (NSDQ:GOOG) and more than 30 other Silicon Valley firms.

By Kevin McLaughlin,

Read More..
Evolve Partners, Inc., based in Anaheim, CA is a leading provider of innovative information technology solutions and services to small and mid-sized companies as well as the public sector. Privately held and founded in 2001, the company has become an end-to-end IT Services firm focused on helping growing enterprises leverage technology to improve communication, mitigate risk and deliver value to their customers. Evolve Partners is a certified SDVOB (Service-Disabled Veteran-Owned Business) and DVBE (Disabled Veteran Business Enterprise) by the US Small Business Administration, US Veteran's Administration and the State of California.

 
     Home | News | About | Careers | Contact Us | Terms & Conditions | Privacy Policy © 2008 Evolve Partners, Inc. All Rights Reserved.    
s