July 29, 2009
Microsoft Releasing Security Update For IE
Microsoft released a security patch on Tuesday that will prevent hackers from being able to exploit a vulnerability in its web browser Internet Explorer (IE).
The company said that the security update would be automatically installed for IE users that have the feature to automatically update their versions of the software on their computer. Users that have not enabled this feature will have to install the update manually.The update, according to the U.S. software giant, resolves three privately reported vulnerabilities in the web browser.
"These vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer," Microsoft said.
It said the security patch "addresses these vulnerabilities by modifying the way that Internet Explorer handles objects in memory and table operations."
According to Microsoft, a capable attacker would be able to exploit the flaw by constructing a specially crafted Web page.
"When a user views the Web page, the vulnerability could allow remote code execution," it said. "An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user."
"If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system," it said.
The company said that the security update is considered to be "critical" for users of a certain version of Internet Explorer running on Windows 2000 and Windows XP operating systems.
On the Net: