Microsoft to patch Internet Explorer 10

By

Pwn2Own bugs squashed?

Microsoft is readying nine patches to be released Tuesday as part of the software giant's monthly security update.

Microsoft to patch Internet Explorer 10

Security consultancy which cracked Microsoft's Surface Pro using two Internet Explorer zero day vulnerabilities and a sandbox bypass.  

Two of the nine fixes address vulnerabilities rated critical and could be exploited to execute remote code, while the remaining seven patches attend to flaws deemed important, according to an advance notification from Microsoft.

Security observers eyed Bulletin 1 as the most pressing because it involved vulnerabilities in all supported versions (6-10) of Internet Explorer (IE).

Security weaknesses in browsers are preferred vectors of attack for cyber criminals because often they can be successful by a victim merely visiting an infected web page.

Andrew Storms, director of security operations at nCircle, which recently was acquired by Tripwire, suspects one of the IE flaws being plugged was discovered last month at the Pwn2Own hacker contest at the CanSecWest show in British Columbia.

The update's remaining patches, address issues in Windows, Office, Server Software and Security Software.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments

Researchers demo AI-crippling GPUHammer attack

Researchers demo AI-crippling GPUHammer attack

Qantas obtains court order to prevent third-party access to stolen data

Qantas obtains court order to prevent third-party access to stolen data

Google Gemini for Workspace vulnerable to prompt injection attacks

Google Gemini for Workspace vulnerable to prompt injection attacks

Log In

  |  Forgot your password?