Comments
HAVING PROBLMS WIT MICROSOFT? Lance Whitney explans why.
permanent fix for the latest bug in Internet Explorer is still in the works.
by Lance Whitney
January 4, 2013 9:23 AM PST
Microsoft's regular Patch Tuesday rolls around next week. But one flaw that won't be fixed in the mix is the latest zero-day exploit in Internet Explorer.
Last Saturday, Microsoft warned about the zero-day flaw in IE 6, 7, and 8 that could allow attackers to gain control of Windows computers to host malicious Web sites. In its advisory, the company noted that IE 9 and 10 are unaffected by the vulnerability and suggested a variety of workarounds to those running the older browser versions.
On Monday, the company issued a temporary fix that prevents the flaw from being exploited without forcing users to tweak their browser settings. Microsoft warned that this fix is not designed to replace actual security updates but revealed that it is working on a permanent fix.
"We are actively working on a security update for the issue described by Security Advisory 2794220," Dustin Childs, group manager of Microsoft Trustworthy Computing, said in a statement sent to CNET today.
"At this time, we've seen only a limited number of affected customers," he added. "We take customer protection very seriously and until a security update is released, we encourage people to apply the one-click Fix it solution offered with Security Advisory 2794220 to help ensure protection. Additionally, customers should ensure their anti-malware solution is up-to-date and follow good network hygiene practices, such as enabling a firewall, for added protection against threats."
The flaw can only be exploited if a user is taken to a malicious Web site, typically through an e-mail or instant message. So as always, people should be wary of opening any links in an e-mail or IM that seem suspicious.
permanent fix for the latest bug in Internet Explorer is still in the works.
by Lance Whitney
January 4, 2013 9:23 AM PST
Microsoft's regular Patch Tuesday rolls around next week. But one flaw that won't be fixed in the mix is the latest zero-day exploit in Internet Explorer.
Last Saturday, Microsoft warned about the zero-day flaw in IE 6, 7, and 8 that could allow attackers to gain control of Windows computers to host malicious Web sites. In its advisory, the company noted that IE 9 and 10 are unaffected by the vulnerability and suggested a variety of workarounds to those running the older browser versions.
On Monday, the company issued a temporary fix that prevents the flaw from being exploited without forcing users to tweak their browser settings. Microsoft warned that this fix is not designed to replace actual security updates but revealed that it is working on a permanent fix.
"We are actively working on a security update for the issue described by Security Advisory 2794220," Dustin Childs, group manager of Microsoft Trustworthy Computing, said in a statement sent to CNET today.
"At this time, we've seen only a limited number of affected customers," he added. "We take customer protection very seriously and until a security update is released, we encourage people to apply the one-click Fix it solution offered with Security Advisory 2794220 to help ensure protection. Additionally, customers should ensure their anti-malware solution is up-to-date and follow good network hygiene practices, such as enabling a firewall, for added protection against threats."
The flaw can only be exploited if a user is taken to a malicious Web site, typically through an e-mail or instant message. So as always, people should be wary of opening any links in an e-mail or IM that seem suspicious.
by Rtucker
OM says:
I will share this with my facebook friends.
Thanks
Thanks
Rtucker says:
I hope this informaton was helpful to any of your micrsoft questions or problems, OM