Microsoft patches 33 flaws, including Internet Explorer 8 zero-day

By

Fix blocks drive-by download attacks.

Microsoft on Tuesday patched a dangerous zero-day vulnerability affecting Internet Explorer 8, one of 10 fixes that the software giant released as part of its monthly security update.

Microsoft patches 33 flaws, including Internet Explorer 8 zero-day

The IE 8 hole, which has been actively exploited in attacks against the U.S. government workers, temporarily was plugged last week when Microsoft distributed a Fix-It workaround. The permanent patch, addressed by MS13-038, prevents victims from being hit with an exploit if they visit a web page that has been compromised to serve malware.

The other "critical" patch introduced Tuesday by Microsoft is bulletin MS13-037, which addresses 11 additional vulnerabilities in IE. None of the bugs were publicly known, but they are present in all supported versions of the popular web browser.

Microsoft also tapped MS13-039 as high-priority bulletin. It addresses a single vulnerability in the HTTP protocol stack, known as HTTP.sys, a core Windows component that receives and processes HTTP requests. According to the bulletin, "the vulnerability could allow denial-of-service if an attacker sends a specially crafted HTTP packet to an affected Windows server or client."

The remaining seven patches address flaws in the .NET Framework, Lync, Publisher, Word, Visio, Windows Essentials and kernel-mode drivers.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments

Researchers demo AI-crippling GPUHammer attack

Researchers demo AI-crippling GPUHammer attack

Google Gemini for Workspace vulnerable to prompt injection attacks

Google Gemini for Workspace vulnerable to prompt injection attacks

UK police arrest four over cyberattacks on M&S, Co-op and Harrods

UK police arrest four over cyberattacks on M&S, Co-op and Harrods

Log In

  |  Forgot your password?