Microsoft released Security Advisory 2458511 which relates to a vulnerability in Internet Explorer that could allow remote code execution. The vulnerability does not affect IE9 Beta but the other versions of IE are affected.
As indicated in the MSRC Blog, the impact of this vulnerability is extremely limited. Microsoft is not aware of any affected customers. From the report it was indicated that the exploit code was discovered on a single website which is no longer hosting the malicious code.
It is important to note that all attack Microsoft has seen are all blocked by DEP which is enabled by default on IE8 and can also be enabled for earlier versions of IE. Additional mitigations are described in DEP, EMET protect against attacks on the latest Internet Explorer vulnerability and the Security Advisory.
References:
- DEP, EMET protect against attacks on the latest Internet Explorer vulnerability
- Microsoft Security Advisory (2458511)
No comments:
Post a Comment
Neither spam nor comments containing vulgarities will be approved.