Microsoft Out-Of-Cycle Patch

Microsoft will be releasing an out-of-cycle update on Tuesday March 30th for Internet Explorer that fixes 9 vulnerabilities, including a zero-day that has been exploited in attacks on IE6 and 7.   The zero-day IE vulnerability could allow an attacker to take control of a machine if a user visited a malicious Web site.  Users of IE8 and Windows 7 are not vulnerable to that flaw, however all current versions of Windows are listed as affected by the other vulnerabiilties being addressed by the cumulative update.  Microsoft’s decision to release rather than wait until April 13th is an indication that attacks against the ‘iepeers’ vulnerability are on the rise.

Security Advisory 981374

Advertisements