Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

IE6 vulnerability closed by Microsoft

Symantec : 22 January, 2010  (Technical Article)
Microsoft has released an out-of-band patch to fix the vulnerability on Internet Explorer versions 6, 7 and 8 which had been used against Google
Microsoft has announced that on Thursday 21st at approximately 6pm (UK time), it released an emergency out-of band patch to fix the Internet Explorer zero day security vulnerability that has been used by attackers in various high-profile targeted attacks, specifically the recent Trojan.Hydraq attacks waged against Google and a number of other companies.

The vulnerability affects Internet Explorer 6, 7 and 8, which make up the bulk of the versions used today. However, the only in-the-wild exploit code for this vulnerability detected thus far is confirmed to affect just Internet Explorer 6.

"Based on our in-the-field detections, this security vulnerability has only been used in a very limited number of targeted attacks so far, however they appear to be very high profile attacks," said Joshua Talbot, security intelligence manager, Symantec Security Response. "The most likely attack vector used in the incidents seen thus far is targeted e-mails containing legitimate looking attachments or links to Web sites sent to high-level employees. When the attachment is opened, an exploit for the vulnerability springs into action and the computer becomes infected."

"Despite the fact that we've seen just limited attacks using this vulnerability, with exploit code public, there is no reason to think we won't see more attack attempts," Talbot added. "And you can be sure bad guys are working overtime to create reliable exploits for the other affected versions of Internet Explorer, namely 7 and 8."

"This security hole is so dangerous because it allows for remote exploitation," Talbot said. "This means attackers can run any malicious code of their liking on a victim's machine by taking advantage of the vulnerability."

Symantec strongly encourages users to patch their systems against this vulnerability. In addition, enterprises are encouraged to consider implementing an automated patch management solution to help mitigate risk.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo