March patches for Microsoft

Status
Not open for further replies.

syringe

In Runtime
Messages
111
Patch 'em if you got 'em


Microsoft released its March security bulletin yesterday, patching seven vulnerabilities--six of which allowed remote code execution via Microsoft Office.

The issues affecting Office allow for a 'drive-by download' whereby a user simply visits a malicious webpage with Internet Explorer to become affected...

SOURCE
 
Notice how they said "with Internet Explorer". People should realize it already and switch to a better web browser like Firefox. If I could get rid of IE I would have done it along time ago.
 
Law said:
Notice how they said "with Internet Explorer". People should realize it already and switch to a better web browser like Firefox. If I could get rid of IE I would have done it along time ago.

Go back and read the Advisory... they mention IE because it's one possible point of attack, however once you read the details you'll see that there are many points of attack and it's not even browser related..
 
Microsoft's Internet Explorer browser crashes when attacked through a new unpatched vulnerability, security companies warned Friday.

The zero-day bug occurs within the "mshtml" library when a malformed HTML tag with an abnormally large number of script handlers is fed to the browser. According to the researcher who posted the initial description to the Bugtraq security mailing list, attackers can easily crash IE by flooding its buffer.

The researcher, Michal Zalewski, also released proof-of-concept code that crashes the latest IE release on a fully-patched edition of Windows XP SP2.
 
Status
Not open for further replies.
Back
Top Bottom