nsane.forums Posted January 12, 2011 Share Posted January 12, 2011 Critical vulnerability could allow for remote code execution Microsoft has released an intermediate fix for a critical vulnerability with Internet Explorer that could leave computers open to attack and remote code execution. The software giant said that there have been public reports of limited attacks which could let a hacker take control of a computer. "The vulnerability exists due to the creation of uninitialised memory during a CSS [Cascading Style Sheets] function within Internet Explorer," Microsoft said in its Security Advisory 2488013. "It is possible under certain conditions for the memory to be leveraged by an attacker using a specially crafted web page to gain remote code execution." Microsoft is investigating the issue and has released some mitigating workarounds which it recommends customers to deploy. The vulnerability affects Internet Explorer 6, 7 and 8, and was first acknowledged by Microsoft in December. However, the company has now updated its guidance having created the workaround. This new intermediate fix prevents the recursive loading of CSS in Internet Explorer, and Microsoft suggested that, with IT administrators already being " under active attack", they should evaluate its suitability. Microsoft said in a posting to its Security Research & Defence blog that the workarounds are currently the only way to mitigate the threat, because there is no way to selectively disable the functionality that makes it possible. The workaround applies a level of scrutiny to CSS, and will cause Internet Explorer to reject the importation of any style sheet that has the same URL as the CSS from which it is being loaded. "Simply put, the workaround inserts a check to see if a style sheet is about to be loaded recursively, and if it so, it aborts the load of the style sheet," the company said. View: Original Article Link to comment Share on other sites More sharing options...
Marik Posted January 12, 2011 Share Posted January 12, 2011 with the keyword here being "temporary" :lmao: Link to comment Share on other sites More sharing options...
oZ. Posted January 13, 2011 Share Posted January 13, 2011 Windows 7 + Office 2010 = MS best products since the birth of MS.Internet g** explorer 9 is just doesn't count Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.