Software giant Microsoft has announced the latest Internet Explorer zero-day flaw, titled CVE-2013-3918, along with the news that the same will be fixed in this month’s Patch Tuesday. On Friday, researchers at security firm FireEye shared details of vulnerabilities that they had discovered in Internet Explorer, which were actively being exploited by cybercriminals. Today’s post, however, has Dustin Childs of Microsoft’s Trustworthy Computing group saying that the security flaws are already set to be fixed in this month’s regular bundle. While talking about it, he said, “Late last Friday, November 8, 2013, a vulnerability, CVE-2013-3918, affecting an Internet Explorer ActiveX Control was publically disclosed. We have confirmed that this vulnerability is an issue already scheduled to be addressed in “Bulletin 3”, which will be released as MS13-090, as listed in the November Advanced Notification Service (ANS).”
Microsoft will be rolling out a patch for a new zero-day flaw in Internet Explorer
As far as the timeframe in which the update would be made available is concerned, Childs said, “The security update will be distributed to customers tomorrow via Windows Update at approximately 10:00 AM PDT. Customers who have Automatic Updates enabled will not need to take any action to receive the update.” Needless to say, if you are running Microsoft software on your machine, you should check for security updates through the day and consider rolling them across your PC as soon as is possible. You can read more about Bulletin 3 from the company’s November Security Bulletin Advance. News that Microsoft already has a fix in place and ready for public use is definitely good, given that certain security researchers claim that they have seen malware that can use the exploit to load directly into targeted computer’s memory, bypassing the hard drive. The “diskless” nature of the threat makes it more of a task for computers to find out if their computers have been compromised. The company, however, has not revealed much in its advanced notification to avoid giving away important information to criminals. According to The Next Web, though, Bulletin 3 is aimed for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012 and Windows RT.
ReadMore:Android Games
No comments:
Post a Comment