Systems Affected
* Microsoft
Internet Explorer 6
* Microsoft
Internet Explorer 7
* Microsoft
Internet Explorer 8
* Microsoft
Internet Explorer 9
Overview
Microsoft has
released Security Bulletin MS12-063 to address the
use-after-free
vulnerability that has been actively exploited this
past week.
Description
Microsoft
Internet Explorer versions 6, 7, 8, and 9 are susceptible
to a
use-after-free vulnerability. This vulnerability is being
actively
exploited in the wild. Microsoft has released Security
Bulletin
MS12-063 to patch this vulnerability and four others.
This
vulnerability was previously mentioned in US-CERT Alert
TA12-262A.
Additional information is available in US-CERT
Vulnerability Note
VU#480095.
Impact
A remote,
unauthenticated attacker could execute arbitrary code,
cause a denial
of service, or gain unauthorized access to your
files or system.
Solution
US-CERT
recommends that Internet Explorer users run Windows Update
as soon as
possible to apply the MS12-063 patch.
References
* Microsoft
Security Bulletin MS12-063
* US-CERT Alert:
Microsoft Security Advisory for Internet Explorer
Exploit
* Microsoft
Windows Update
* US-CERT
Vulnerability Note VU#480095
* Microsoft Security Advisory (2755801)
- Title: Update
for Vulnerabilities in Adobe Flash Player in
Internet
Explorer 10
- Revision Note:
V1.0 (September 21, 2012): Advisory published.
* Microsoft Security Advisory (2757760)
- Title:
Vulnerability in Internet Explorer Could Allow Remote
Code
Execution
- Revision Note:
V2.0 (September 21, 2012): Advisory updated to
reflect
publication of security bulletin.
No comments:
Post a Comment