By John Leyden
29th March 2010
Microsoft has announced plans to release an out-of-sequence patch,
designed to resolve a zero-day vulnerability in Internet Explorer.
A cumulative update to Internet Explorer (MS10-018) plugs a security
hole in IE 6 and IE 7 exploit by hackers over recent weeks. The latest
version of Microsoft's browser - IE 8 - is not vulnerable to the flaw,
which Microsoft first acknowledged was a problem on 9 March.
The vulnerability involves a flaw in the iepeers.dll library involving
the handling of invalid values passed to the "setAttribute()" function.
Exploits create a means to drop malware onto the PCs of victims,
providing they visit booby-trapped website using vulnerable version of
IE, as explained in our earlier story here.
Register now for HITBSecConf2010 - Dubai, the premier
deep-knowledge network security event in the GCC,
featuring keynote speakers John Viega and Matt Watchinski!