Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Out of band patch addresses IE Explorer vulnerability

Lumension Security : 22 January, 2010  (Technical Article)
Lumension comments on the patch issued by Microsoft to close out the vulnerability on Explorer and recommends running safer versions using Vista or Windows 7
Don Leatham, Senior Director Business Development at Lumension comments on the out of band patch for the Google attack vector: "Microsoft has announced via its Security Response Center (MSRC), that an out-of-band security patch was released on Thursday, January 21, 2010. This patch addressed the previously announced flaw in Internet Explorer that has been widely reported as the key attack vector in reported attacks against Google and other companies by entities based in China (MS Security Advisory #979352.) Microsoft has confirmed that there are active exploits attacking Internet Explorer 6. Because of these in-the-wild exploits and the amount of media and customer attention on this specific exploit, Microsoft decided it was in their customers' best interest to issue this out-of-band patch.

"Additionally, Microsoft confirmed that all current versions of Internet Explorer contain a Data Execution Prevention (DEP), bypass vulnerability. If not by-passed, DEP can help in stopping the exploit code. Newer versions of Internet Explorer running on Windows Vista and Windows 7 are less vulnerable to an active exploit . These versions of Windows have Address Space Layout Randomization (ASLR) that provides an extra level of protection beyond DEP. This is a clear, real-world example of the superior security model implemented in Windows Vista and Windows 7, and should be a wake-up call to organisations still running Windows XP to accelerate their migration plans. Information on additional known vulnerabilities is available at the latest blog posting on the MSRC website.

"Given the in-the-wild exploit code, Lumension is recommending to all customers that they immediately review their environments for computers with Internet Explorer 6 running on Windows XP. These machines should be priorities in Thursday's deployment plans for this critical security update. In the meantime, standard security practices regarding attachments, clickable links in email, and AV/AS updates should be followed."
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo