IE Zero-Day: Microsoft Patch Tuesday Warns

Posted by Unknown | March 10, 2010 |

Microsoft on Tuesday issued a fresh security advisory on a vulnerability in Internet Explorer that could allow remote code execution. The vulnerability, which could allow an attacker to take control of a system via maliciously coded websites, is attributed to an invalid pointer reference within Internet Explorer that can be accessed after an object is deleted.

The company, however, stated that all supported versions of Microsoft Outlook, Outlook Express and Windows Mail open HTML email messages in the Restricted sites zone, which mitigates the effect of such an attack. Protected Mode in Internet Explorer on Windows Vista and later Windows versions also helps to limit the impact of the vulnerability, while Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode (Enhanced Security Configuration) by default.

The advisory contains workarounds and, where they are not applicable, advises users to upgrade to later versions: IE6 and IE7 users are advised to upgrade to IE8.

The new IE zero-day bug has become fodder for the browser wars waged against Microsoft, and for the second time in a row, the company has admitted that the bug is responsible for the targeting of Google by cyber attackers from China.