Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Remote Code Execution Vulnerability in IE Will Keep Administrators on the Hop

Lumension Security : 11 March, 2010  (Technical Article)
Lumension comments on the lack of a patch for Internet Explorer zero-day vulnerability which affects IE 6 and 7
It might be a light Patch Tuesday, but out of bound exploits will keep IT administrators on their toes, comments Alan Bentley, VP International Lumension.

"Today's Patch Tuesday release is being overshadowed by a new zero-day vulnerability in Internet Explorer that can allow remote code execution. Reportedly, the exploit is currently being used in targeted attacks in the wild. It was reported today in an advisory by Microsoft - the same day they released the monthly patches for March 2010 - that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 are vulnerable.

"March's Patch Tuesday is particularly light, including two bulletins that are rated important (MS10-016 and MS10-017) with an aggregate Exploitability Index rating of "1", and should both be addressed by IT administrators as soon as possible. Today's bulletins may require a restart and have an impact on operations, one in Microsoft Office and one in Microsoft Windows. These two vulnerabilities both involve a user downloading a specially crafted file, and are yet another reminder of the importance of endpoint security, and the need to shift focus from the gateway to the endpoint.

"Earlier this week, a VBScript that was also exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer. Although this issue won't be addressed by today's monthly patches, a workaround has been provided by Microsoft which believes it is not a serious issue, and will continue to monitor the situation."

"IT administrators mustn't forget the upcoming end-of-life dates of Windows XP, so customers will soon have to start updating these operating systems, including Windows XP Service Pack 2, which will no longer be supported after July 13, 2010. All customers are being encouraged to upgrade to Service Pack 3 or to Windows 7 as soon as possible."

"In other Patch Tuesday related news for March, there are changes with Apache 2.2.15 - the latest version of the web service software includes five security fixes. HP has alerted users to a potential vulnerability with HP Performance Insight, but has not issued a patch to resolve this."
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo