Jump to content

Microsoft Fixes Three-Year Old Security Flaw in Internet Explorer


Recommended Posts


Microsoft is making really big efforts to make its software more secure (or at least, that’s what the company is saying), so every month’s Patch Tuesday rollout addresses vulnerabilities in a wide array of products, including Windows, Internet Explorer, and Office.

Redmond has recently fixed a vulnerability in Internet Explorer that was three years old, as it was found by the security researchers at VUPEN on February 12, 2011.

Officially patched on June 17 as part of bulletin MS14-035, the glitch was disclosed by VUPEN at the Pwn2Own hacking event in March this year.

“The vulnerability is caused due to an invalid handling of a sequence of actions aimed to save a file when calling ‘ShowSaveFileDialog()’, which could be exploited by a sandboxed process to write files to arbitrary locations on the system and bypass IE Protected Mode sandbox,” the security researchers explained.

The Microsoft Security Bulletin MS14-035 was released to address two publicly disclosed vulnerabilities and 58 privately reported glitches in Internet Explorer, including the one discovered by VUPEN.

“The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights,” Microsoft explained.

“The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory, validates permissions, and handles negotiation of certificates during a TLS session.”

The security flaw found by VUPEN affected pretty much all Internet Explorer versions on the market, including the old IE6 and the newly-launched IE11 which is part of Windows 8.1.

Microsoft hasn’t shared any details regarding the number of exploits that could have involved the flaw found by VUPEN, but since it was reported via private channels, users have most likely been on the safe side until the company rolled out a patch.

In case you’re wondering, VUPEN has a pretty good history on finding vulnerabilities at hacking competitions, as the company has until now raised no less than $300,000 (€225,000) for flaws found in Adobe Reader, Internet Explorer, Mozilla Firefox, and Adobe Flash, according to The Register.

At this point, all Internet Explorer installations should be on the safe side if all security patches delivered via Windows Update are installed.

Source: http://news.softpedia.com/news/Microsoft-Fixes-Three-Year-Old-Security-Flaw-in-Internet-Explorer-453112.shtml

Link to comment
Share on other sites

  • Replies 5
  • Views 1.9k
  • Created
  • Last Reply

Top Posters In This Topic

  • dMog


  • Matsuda


  • LeeSmithG


  • Nastrahl


Top Posters In This Topic

internet explorer...what is that how do i find it on my computer...never heard of such a browser :lol:


Edited by dMog
Link to comment
Share on other sites

It's almost impossible to NOT use it-at least on rare occasions. Ex.-whenever I get Facebook notifications, links open in IE. Another-Weatherbug links also open in IE. I have all defaults set to Pale Moon.

Edited by shorty6100
Link to comment
Share on other sites


What is that? yXZVmpE.gif

It's where faceless morons looking for cheap and easy sexual relationships hang-out, so Jeremy Kyle.

I do not have a facebook account however 9 morons signed up accounts entering my unique emails.

I changed the password and phoned the number they left as their contact details, ha ha.

Back to the thread, I adore IE, always have done always will do, but, shame on M$ for not doing the fix sooner.

Edited by LeeSmithG
Link to comment
Share on other sites

It's almost impossible to NOT use it-at least on rare ocassions. Ex.-whenever I get Facebook notifications, links opeen in IE. Another-Weatherbug links also open in IE. I have all defaults set to Pale Moon.

You can uninstall it from Program & Features, then "Turn Windows features on and off" in the column on the right.

Here, IE is just the fastest browser, and the only officially 64-bits supported, but lacks in add-ons/extensions. And for some unknown reasons, doesn't terminate its process on exiting.

Edited by Nastrahl
Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...