RahulPatel–twikies…

September 23, 2012

Microsoft Releases Out-of-Band Patch For IE Vulnerability

Filed under: Internet Explorer,Micorosoft Windows,Microsoft Internet Explorer — Rahul Patel @ 2:33 am

Released as a MSI package, the patch is described as a workaround that leverages the Windows application compatibility toolkit to make a small change to MSHTML.DLL in memory every time the DLL is loaded by Internet Explorer. Microsoft previously recommended IE users to take this step manually, while the patch automates the task. Microsoft provides an installation guide for the workaround as well as information to uninstall the patch again.

Microsoft stressed that the workaround is only effective if all recent security updates for IE have been installed as well.

The company confirmed existing attacks that exploit the vulnerability. However, Microsoft said that “only 32-bit versions of Internet Explorer” are targeted and attacks “rely on third-party browser plugins to either perform efficient heap-spray in memory and/or to bypass the built-in mitigations of Windows Vista and 7 such as DEP and ASLR.” However, users can further reduce the risk of a successful attack by updating their Java version from Java 6 to 7.

Download FIX
More Information: http://technet.microsoft.com/en-us/security/bulletin/ms12-063

Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: