Microsoft to plug critical IE vulnerability tomorrow with an out-of-band patch

Microsoft has stated that they will be releasing an out-of-band patch to plug up a critical exploit that affects IE6 - 8 and could allow for remote code execution. The out of band patch is marked as critical and will arrive on January 14th; the update will require you to restart your machine. 

This patch will plug up the hole that the Microsoft Security Advisory #2794220 that was reported on December 29th. The exploit that this patch will fix is detailed below:

The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

The easiest way to avoid this flaw is to upgrade your browser and, naturally, Microsoft recommends either IE9 or IE10 to help keep your machine protected.

The patch will be pushed out at approximately 10AM PST.

Source: Microsoft

Report a problem with article
Previous Story

Steven Sinofsky's CES 2013 impressions: Cool Windows 8 PCs and a "secret" product

Next Story

Nokia's Asha range outselling Lumias 2:1

11 Comments

Commenting is disabled on this article.

Damn, I guess I misread some stuff last night.
Was so looking forward to some updates, but I see this is just for IE 6 to 8.
I like it better when there's tons of Windows Updates.

Thief000 said,
Will this fix the bloody tabs growing in size when I click X on one of them, thus suddenly closing more than 1 tab?????

That's not a bug. Look at what it's doing - it makes closing multiple tabs easier by keeping the X in the same location when an adjacent tab has been closed. The time needed to adapt to this change is somewhere around 4 seconds so I pity anyone who is actually having problems with it.

korupt_one said,
is nice ms continue to patch old and outdated software for the people living in the stoneage.

I just wish they would supply me with oil for my lamps and new shoes for my horses.

Going back and patching IE 6 might not be as big a deal as it sounds. Depending on how and where the problems lie, it could just be a matter of checking out the older version of the code and fitting in the fix.

I'm sure there's code in IE that's been carried over from older versions forward. Which is probably why the problem exists in all versions.