Like every month, the Microsoft approach to publishing, the "sécurosphère" is boiling. What will it take to patch this month? A total of 8 bulletins, 6 critical. list here . We will say that this is a menu "usual" (Although some habits should be lost ...:)).
But this month ... Chef's surprise: a 0-day flaw in IE7. And as is the 0-day, the patches released today, including the MS08-073, do not correct the fault. And to accompany that of the PoC (Proof of Concept) were released into the wild.
What does this little beast? It operates mismanagement XML malicieu to inject code into memory.
The SANS Institute tells us more in advising us an alternative browser and Secunia advises us not to click links "Trusted".
And if you test Firefox ? :)
Other sources:
eEye Digital Security - Research - link
Blog - ZDNet - link
McAfee Avert Labs Blog - link
Update of 11/12: A peeling the attack was carried out by CERT-LEXSI. Their blog .
0 comments:
Post a Comment