Friday, February 17, 2012

Two Critical Browser Vulnerabilities Announced (Internet Explorer)

If you are an IE user, you had better watch out. Microsoft has announced two new serious browser flaws in its Internet Explorer web browser and says that users should take precautions by downloading the latest security patch, MS12-0100.

What the Browser Vulnerability Leaves Open

For the most severe browser vulnerabilities:

  • Remote code execution is possible if a user views a specially crafted web page using Internet Explorer.
  • An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user.
  • Users whose accounts are at the administrative level could be impacted more than users who have fewer user rights on the system.

What does the patch do?

The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles content during copy and paste processes, how it handles objects in memory, and how it creates and initializes strings.

Other Vulnerability

Microsoft also announced a vulnerability that could allow remote code execution if a user opens a specially crafted media file that is hosted on a website or sent as an email attachment. Microsoft says that if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. That vulnerability is discussed in MS12-013.

The security update addresses the vulnerability by modifying the way that the msvcrt dynamic link library (DLL) calculates the size of data structures in memory. What the calculation reported was not specified, but one would think that the number represented the size of the content, and that this number could be extended or modified, allowing the software to be exploited and making room for attackers to get in.

Security Update Download Options

Microsoft announces updates and makes them available for download on a Tuesday. If your computer is set for automatic download, the patch will be placed on your computer. If not, review your update settings to make the download available.
