Thursday, May 01, 2014

Out of Band Security Update for IE Zero-Day Vulnerability


Microsoft released an out-of-band security update to address the security vulnerability in Internet Explorer described in Microsoft  Security Advisory 2963983.

Of important note:  Although Windows XP is no longer supported by Microsoft, the decision was made to issue a security update for Windows XP users.

Critical:

  • MS14-021 -- Security Update for Internet Explorer (2965111) 

    This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.


    References




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...




    1 comment:

    Buffet said...

    Woody Leonhard (my "go to" reference for these types of things) recommends to WAIT, perhaps until sometime next week, before patching!
    He hasn't steered me wrong yet.
    I keep track of what to do at AskWoody.com.