|10 Jan 2011||#1|
| || |
Microsoft to fix Windows holes, but not ones in IE
Microsoft said today that it will release two security bulletins next week fixing three holes in Windows, but it is still investigating or working on fixing holes in Internet Explorer that have been reportedly exploited in attacks.
One bulletin due out on Patch Tuesday, rated "important," affects only Windows Vista but the second one, with an aggregate rating of "critical," affects all supported versions of Windows.
Also not mentioned in the Patch Tuesday preview announcement by Microsoft is a bug in IE disclosed last weekend by Michal Zalewski, a security researcher for Google based in Poland. Zalewski released a tool he used to find the hole and others in all the major browsers and said that an exploit for the IE bug had been leaked to the Web accidentally. Security firm Vupen has confirmed the critical hole in IE 8. Microsoft says in Security Advisory 2490606 that it is investigating the bug reports.
Josh Abraham, a security researcher at Rapid7, was surprised that Microsoft was not rushing to fix holes that were reportedly being used in attacks.
"With only two bulletins this month, the big shock is that Microsoft is not addressing two security advisories that have already been weaponized," Abraham said. "I would bet that if the malicious attackers start using the exploits, then we will see an out-of-band patch."
Microsoft to fix Windows holes, but not ones in IE | Security - CNET News
|My System Specs|
|Similar help and support threads for2: Microsoft to fix Windows holes, but not ones in IE|
|Reckless IT pros are missing security holes in non-Microsoft software||Security News|
|Microsoft to fix dangerous IE, Windows security holes||Windows Updates & Activation|
|Microsoft readies patch for gaping IE browser security holes||Security News|
|According to Microsoft there are Security Holes in Google and Apple ..||Security News|
|IE9-exploit holes in Windows 7 SP1 lays bare||Security News|
|Microsoft Plugs Office Holes, But No IE Fix Yet||Browsers & Mail|
|Microsoft plugs 15 holes including critical driveby bug||System Security|