The Hacker News Logo
Subscribe to Newsletter

Microsoft Patch Tuesday to fix critical IE8 zero-day flaw

This coming Tuesday, Microsoft will issue fixes for 33 vulnerabilities in total, including two critical zero-day flaws relating to Internet Explorer recently discovered that has been used to attack several high-profile targets.

Internet Explorer 6, 7, 8, 9 and 10 are the recipients of a patch that can prevent an exploit that enables remote code execution in the browser. This affects all Windows operating systems except XP.

The vulnerability (CVE-​​2013-​​1347) had previously been addressed in a workaround yesterday, but given the way it was being exploited with attacks reported on the US Department of Labor and European aerospace and nuclear researchers the patch has been prioritised.

A second bulletin deals with another IE vulnerability believed to be one disclosed in March at the annual Pwn2Own hacking competition. At least four of the patches require a restart, Microsoft said.

The remaining eight patches will address flaws that range from denial-of-service errors that can cause Windows to crash, to remote code execution issues in Microsoft Office and Lync.

Also An elevation of privileges that would allow an attacker to gain additional rights to the affected system, and information disclosure issues relating to Windows Essentials 2011 and 2012 will be addressed.

The security fixes will be released on May 14 through the usual update channels, such as Windows and Microsoft Update.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.