Microsoft patching "Google hack" flaw in IE tomorrow

jmke · 21st January 2010, 09:53

Microsoft has issued an Advanced Notification for the out-of-band security bulletin it is releasing tomorrow for Internet Explorer at approximately 10 am PST. The patch will fix vulnerabilities in IE6, IE7, and IE8 on supported editions of Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2—vulnerabilities notably exploited in the recent series of Chinese-based attacks against Google and 30 other tech companies.

Microsoft has previously insisted that the publicly posted exploit code only affects IE6 and as such recommended its users to upgrade. While the software giant says the attacks it sees in the wild are still only successful against IE6, Redmond has rated the flaw "Critical" for all versions of the browser.

http://arstechnica.com/microsoft/new...cam paign=rss

jmke · 21st January 2010, 09:56

The flaw works on all IE version if you have DEP disabled; IE6 doesn't have DEP; IE7 has it, but disabled by default. IE8 has it, enabled by default.
http://en.wikipedia.org/wiki/Data_Execution_Prevention

21st January 2010, 09:53	#1
jmke Madshrimp Join Date: May 2002 Location: 7090/Belgium Posts: 79,021	Microsoft patching "Google hack" flaw in IE tomorrow Microsoft has issued an Advanced Notification for the out-of-band security bulletin it is releasing tomorrow for Internet Explorer at approximately 10 am PST. The patch will fix vulnerabilities in IE6, IE7, and IE8 on supported editions of Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2—vulnerabilities notably exploited in the recent series of Chinese-based attacks against Google and 30 other tech companies. Microsoft has previously insisted that the publicly posted exploit code only affects IE6 and as such recommended its users to upgrade. While the software giant says the attacks it sees in the wild are still only successful against IE6, Redmond has rated the flaw "Critical" for all versions of the browser. http://arstechnica.com/microsoft/new...cam paign=rss __________________

21st January 2010, 09:56	#2
jmke Madshrimp Join Date: May 2002 Location: 7090/Belgium Posts: 79,021	The flaw works on all IE version if you have DEP disabled; IE6 doesn't have DEP; IE7 has it, but disabled by default. IE8 has it, enabled by default. http://en.wikipedia.org/wiki/Data_Execution_Prevention __________________

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Microsoft to release fix for Windows Shortcut flaw on Monday	jmke	WebNews	0	31st July 2010 12:06
Microsoft warns of TLS/SSL flaw in Windows	jmke	WebNews	0	10th February 2010 13:28
Microsoft warns of IE flaw, turns PC into public file server	jmke	WebNews	0	5th February 2010 09:48
Microsoft knew about IE6 flaw for months ?	jmke	WebNews	4	22nd January 2010 18:41
Microsoft Patch Tuesday: 5 Criticals, 2 Important, 1 Moderate Patch	jmke	WebNews	0	14th April 2009 18:47
Microsoft Security Bulletin Summary for September 2008	jmke	WebNews	0	9th September 2008 19:20
Microsoft Security Bulletin Summary for August 2007	jmke	WebNews	0	14th August 2007 22:21
Microsoft investigates potential new IE flaw	Sidney	WebNews	0	18th August 2005 18:15