Microsoft Patches Critical Drive-by IE9 Bug
Microsoft fixed 16 flaws, picks up IE update tempo
Microsoft yesterday patched 16 vulnerabilities, including one in Windows that's been exploited for weeks and two in Internet Explorer 9 (IE9) in the first-in-years back-to-back browser update. Of Tuesday's nine security updates, three were rated critical, Microsoft's most-severe threat ranking, while the others were pegged as important, the next-most-serious label. Among the products patched yesterday were all versions of Windows; Office 2003, 2007 and 2010 on Windows; Office for Mac 2011; and IE9, Microsoft's newest browser that the company has touted as its most modern and most secure.
The three critical updates - Microsoft dubs them bulletins - were the ones tagged by Microsoft and independent security researchers as the first to apply. As expected, Microsoft fixed a flaw in XML Core Services (MSXML) with MS12-043. The MSXML vulnerability has been actively exploited in targeted attacks against high-value victims, including those in aerospace and defense industries, for weeks. Microsoft acknowledged the attacks almost a month ago, but contrary to some experts' speculation, did not issue an emergency, or "out-of-band," update, instead waiting until the regular Patch Tuesday.
Comments
Be the first to write a comment
You must me logged in to write a comment.