Microsoft is preparing to patch a critical flaw in Internet Explorer in its next monthly security update.
The company said that its Patch Tuesday release will include a fix for the remote code execution flaw, which is seen as a top security concern in systems ranging from Windows XP to Windows 8 and Internet Explorer versions 6 through 10.
While the exact nature of the vulnerability itself will not be revealed until after Microsoft posts the fix, the company said that if exploited, the flaw could allow an attacker to remotely execute code on a targeted system. Such flaws are commonly targeted by attackers for web-based 'drive-by' malware attacks.
Three of the remaining four planned bulletins will address denial of service, elevation of privilege and information disclosure flaws in Windows. All three have been classified by the company as 'important' security priorities.
The fourth fix planned for June will address a remote code execution vulnerability in Microsoft Office classified by Microsoft as an 'important' risk. Such remote code flaws in Office are often considered less than critical because a user would have to be convinced to manually launch an attack file in order to exploit the flaw.
According to Trustwave director of security research Ziv Mador, administrators should not be lulled into a false sense of security by the relatively light patch load this month.
“Just because there is only five bulletins this month doesn’t mean we shouldn’t pay attention to them,” Mador cautioned.
“If you are planning ahead, note that four of these bulletins will require a restart after installing and the fifth one might, probably depending on what else you have installed.”