It will be a patch day rather supplied that one previewed in order tomorrow from Microsoft: 17 corrections will close 64 make found them in the several products.
Of 17 bulletins of emergency, 9 are criti and 8 important to us; the software hit comprises Windows, the programs of the Office suite, browser Internet Explorer, Visual Study, the .NET Framework and member GDI+.
The good news that accompanies this returned of patch is that finally Microsoft will release the correction for the bug in the management of format MHTML, uncovered in the end of January and by now taken advantage of, even though limitedly, from a month.
The bad news is, instead, the discovery of a new makes it in Internet Explorer, which interests all the versions, comprised recent number 9.
The discovery from the vulnerability is merit of the French society Vupen, than it is taken care of emergency; the bug has to that to make with the management of code HTML and Javascript from the bookcase msmhtml.dll.
An exploitation of this makes it door the possibility to execute arbitrary code on the computer victim of the attack, being gone around all the protections comprised the sandbox introduced from Internet Explorer 9 and technologies ASLR and DEP integrated in Windows.
Fortunately the code that allows to take advantage of the vulnerability is not still available in Net; probably draft but only of a time issue.
Of 17 bulletins of emergency, 9 are criti and 8 important to us; the software hit comprises Windows, the programs of the Office suite, browser Internet Explorer, Visual Study, the .NET Framework and member GDI+.
The good news that accompanies this returned of patch is that finally Microsoft will release the correction for the bug in the management of format MHTML, uncovered in the end of January and by now taken advantage of, even though limitedly, from a month.
The bad news is, instead, the discovery of a new makes it in Internet Explorer, which interests all the versions, comprised recent number 9.
The discovery from the vulnerability is merit of the French society Vupen, than it is taken care of emergency; the bug has to that to make with the management of code HTML and Javascript from the bookcase msmhtml.dll.
An exploitation of this makes it door the possibility to execute arbitrary code on the computer victim of the attack, being gone around all the protections comprised the sandbox introduced from Internet Explorer 9 and technologies ASLR and DEP integrated in Windows.
Fortunately the code that allows to take advantage of the vulnerability is not still available in Net; probably draft but only of a time issue.
No comments:
Post a Comment