Zero-day IE flaw not in Microsoft Patch Tuesday

By

Vulnerability stays unpatched.

Microsoft has not included Internet Explorer in its Patch Tuesday list, leaving a zero-day vulnerability without a fix.

Zero-day IE flaw not in Microsoft Patch Tuesday

The flaw could allow hackers to obtain information, or take any action that the user could take on an affected website.

The Redmond giant could be placing the browser at even greater risk, as the controversial hacking contest Pwn2Own is due to start next week.

Both Google and Mozilla have patched their browsers in time for the event, but Microsoft has opted not to.

Websense recently reported flaws in Internet Explorer were targeted as part of a hack on ad firm Unanimis that could have placed tens of thousands of people in danger.

Next week’s Patch Tuesday will be a relatively light one, with just three bulletins, one of which is rated as critical while the other two are rated important.

“The critical update affects Windows XP, Vista and Windows 7 while Windows Sever 2003 and Server 2008 are not affected,” said Amol Sarwate, manager at the Qualys vulnerability research lab.

“One of the important updates affects all Windows operating systems and we expect it to be for the MHTML Information Disclosure issue, which was left un-patched in last month's patch cycle.”

This article originally appeared at itpro.co.uk

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © ITPro, Dennis Publishing
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

Log In

  |  Forgot your password?