Title: Microsoft preparing to patch IE hole after exploit code released
Microsoft said on Friday it is testing a patch to fix a new hole in Internet Explorer 6 and IE 7 following
the release of exploit code on the Internet. Microsoft warned about the hole, which it said was being targeted
in attacks and could allow an attacker to take control of a computer, in an advisory on Tuesday. The next day, Israeli researcher Moshe Ben Abu released exploit code for the vulnerability after using clues in a McAfee blog post to find existing exploit code and pinpointing the weakness from there.
"We have seen speculation that Microsoft might release an update for this issue out of band. I can tell you
that we are working hard to produce an update which is now in testing," Jerry Bryant, senior security communications manager lead at Microsoft, wrote in a post on the Microsoft Security Response Center blog.
"This is a critical and time-intensive step of the process as the update must be tested against all affected
versions of Internet Explorer on all supported versions of Windows. Additionally, each supported language
version needs to be tested as well as testing against thousands of third party applications," he wrote. "We
never rule out the possibility of an out-of-band update. When the update is ready for broad distribution,
we will make that decision based on customer needs."
"With today's update, we have added a Microsoft Fix It to automate this workaround for Windows XP and
Windows Server 2003 customers," Bryant said. "As always, customers should test this thoroughly before
deploying as certain functionality that depends on the peer factory class, such as printing from Internet
Explorer and the use of Web folders, may be affected."
No comments:
Post a Comment