Hunter Strategies LLC logo

Microsoft News Tracker

What's more interesting than observing Microsoft?

December 1, 2005

Emergency patch for Internet Explorer?

Posted by David Hunter at 12:06 PM ET.

Ryan Naraine at eWeek:

Microsoft Corp. is working on a plan to release an out-of-cycle patch to cover a gaping hole in its dominant Internet Explorer browser.

Sources say the MSRC (Microsoft Security Response Center) is aggressively aiming to release the emergency IE fix ahead of the December 13 Patch Tuesday schedule.

Officially, the company isn’t commenting on a timeline for the IE patch.

IE security flaws are usually not particularly newsworthy, but this one is exceptional.

Microsoft late Tuesday updated its security advisory to confirm it was aware of a zero-day exploit and a drive-by malware attack targeting the unpatched vulnerability.

Alex Eckelberry, president of anti-spyware vendor Sunbelt Software, said his company first detected the drive-by downloads earlier this week and reported its findings to Microsoft.

“This is a pretty nasty exploit. You just have to visit the [malicious] site and your computer gets hosed. It’s dropping a Trojan downloader that takes control of the victim’s machine,” Eckelberry said in an interview.

Sunbelt Software researchers have confirmed the exploit is being launched from a handful of malicious Web sites.

More by following the link. The revised security advisory has suggestions for workarounds and remediation.

Filed under Internet Explorer, Patch Tuesday, Security, Trojan Horses

Related posts:


One Response to “Emergency patch for Internet Explorer?”

  1. Microsoft News Tracker » Microsoft issues critical security patch for Internet Explorer Says:

    [...] In today’s Patch Tuesday release, Microsoft issued two security updates, one of which was deemed “critical.” That one, MS05-054, is a cumulative patch for Internet Explorer which provides four fixes, including one for a bug that permitted drive-by malicious downloads. Microsoft did not, however, fix the cross site scripting flaw that had briefly exposed Google Desktop until Google did a workaround. [...]

News Search:

Recent Posts:

Daily Digest Email:

Enter your Email

Powered by FeedBlitz


Full category list


Archive List

RSS Feed:

HunterStrat Links:


  • Powered by WordPress.