Microsoft "Fix it" available for Internet Explorer 6, 7, and 8

This past weekend we have alerted you about a vulnerability present in Internet Explorer 6, 7, and 8 which has already been used in limited targeted attacks. Later versions of Internet Explorer (9 and 10) are not affected by this issue. As always, we recommend upgrading to the latest available. For those who are constrained to older…

0

More information on Security Advisory 2757760's Fix It

Today, we revised Security Advisory 2757760 with two new pieces of information: A Fix It solution is available to address the vulnerability via an app-compat shim The comprehensive security update will be released out-of-band on Friday. In this blog post, we’d like to explain more about the vulnerability and explain how the Fix It solution…

0

Reports of DEP being bypassed

Yesterday we heard reports of a commercially available exploit that bypasses DEP. This exploit was made available to a limited number of major security vendors (Antivirus, IDS, and IPS vendors) and government CERT agencies. We wanted to use this opportunity to give an overview of current customer risk related to this DEP bypass. Real-world attacks…

0

Assessing risk of IE 0day vulnerability

Yesterday, the MSRC released Microsoft Security Advisory 979352 alerting customers to limited, sophisticated attacks targeting Internet Explorer 6 customers. Today, samples of that exploit were made publicly available. Before we get into the details I want to make one thing perfectly clear. The attacks we have seen to date, including the exploit released publicly, only affect…

0

MS09-023: Windows Search and MSHTML Host Apps

Today, we released MS09-023, a bulletin for Windows Search 4.0. It is an information disclosure vulnerability rated as Moderate. We would like to go into more details in this blog to help you understand: What is the attack vector? Why is this vulnerability rated as Moderate? What is the risk of MSHTML hosting apps? What…

0

The MSHTML Host Security FAQ: Part II of II

MSHTML, a.k.a. Trident, is the Internet Explorer browser rendering engine. MSHTML is a great solution for rendering HTML content, either in the context of a web browser, or simply to display rich UI in an application. You are likely not even aware of some of the many ways MSHTML is hosted within Windows and third…

0

The MSHTML Host Security FAQ: Part I of II

MSHTML, a.k.a. Trident, is the Internet Explorer browser rendering engine. MSHTML is a great solution for rendering HTML content, either in the context of a web browser, or simply to display rich UI in an application. You are likely not even aware of some of the many ways MSHTML is hosted within Windows and third…

0