Microsoft - FEATURED ARTICLES
February 15, 2012
Microsoft News - Microsoft Releases 'Critical' Patch for Internet Explorer
By Ed Silverstein, TMCnet Contributor
This week, Microsoft released a “high-priority” IE update – MS12-010, according to a recent bulletin from the company. The February “Patch Tuesday” remedies some 21 vulnerabilities in Windows and Microsoft.
The update was described as “critical” by the company for IE 7, IE 8, and IE 9 on Windows, Microsoft said. The security update was also rated “moderate” for IE 6.The company added some of the vulnerabilities could lead to “remote code execution” if users view certain web pages via IE.
In addition, Microsoft is telling users to follow MS12-013, which is a “critical bulletin” to fix “a flaw that could allow remote code execution if a user opens a specially crafted media file that is hosted on a website or sent as an email attachment.”
“If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system,” Microsoft warned in Tuesday’s bulletin.
Also, ZDNet called the vulnerabilities “dangerous” in its blog post. However, Microsoft pointed out that most users use automatic updates and that would mean the update was downloaded and installed automatically.
Jim Walter, manager of McAfee's (News - Alert) threat intelligence service, recommended that system administrators install the patches immediately. “The Internet Explorer bulletin should be considered a top priority, as there is a risk of code execution attacks,” Walter told v3.co.uk. “If not attended to, browser exploits can be particularly harmful.”
“Six of the patches this month are marked as critical, the most we've seen in a while,” Joshua Talbot, security intelligence manager at Symantec (News - Alert) Security Response, told CIO Today. “While all these vulnerabilities should be patched as soon as possible, we recommend paying particular attention to the HTML Layout vulnerability and the GDI Access Violation vulnerability, both of which allow for remote Relevant Products/Services code execution.”
Ed Silverstein is a TMCnet contributor. To read more of his articles, please visit his columnist page.
Edited by Jennifer Russell