Microsoft Patch Tuesday: Just two critical fixes but they affect a lot of Windows systems

By , Network World |  Security, Microsoft, Windows 7

None of the bulletins this month directly address a zero-day vulnerability found in the wild over the weekend in fully patched versions of Internet Explorer 6, 7 and 8. The flaw allows attackers to gain control of affected machines. The attack comes from malicious Web sites containing content that exploits the vulnerability in visiting browsers, Microsoft says.

BACKGROUND: Microsoft issues quick fix for critical zero-day hole in IE 

The company has issued a workaround but not a patch, and IT departments should make implementing the workaround their top priority, Henry says.

It would be surprising if Microsoft had developed the IE patch already, says Andrew Storms, director of security operations for nCircle. "It would have taken a miracle for Microsoft to patch a zero-day one week after a zero-day advisory," he says.

However, it is possible that one of this month's patches will repair operating-system vulnerabilities the IE attack could exploit, says Henry. With the details Microsoft has released so far it's impossible to tell. "If the browser is just a path to an underlying vulnerability in the operating system, then this issue will likely be fixed by one of the patches. If the vulnerability is exclusive to the browser, on the other hand, then this is still something to watch out for," Henry says.

(Tim Greene covers Microsoft for Network World and writes the Mostly Microsoft blog. Reach him at tgreene@nww.com and follow him on Twitter https://twitter.com/#!/Tim_Greene.)

Read more about software in Network World's Software section.


Originally published on Network World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

SecurityWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question