Corrine
Administrator, Microsoft MVP, Security Analyst, Staff member
Joined Feb 22, 2012, Posts 12,255, Location Upstate, NY
Apr 27, 2014 #1

Microsoft released Security Advisory 2963983, which relates to a vulnerability in Internet Explorer. With the vulnerability, an attacker could cause remote code execution if someone visited a malicious website with an affected browser. Generally, this would occur by an attacker convincing someone to click a link in an email or instant message.

Although the vulnerability affects all versions of IE, at this time, Microsoft is aware of limited, targeted attacks, in which the exploit observed appears to target IE9, IE10 and IE11.

Recommendations are available in Microsoft Security Advisory 2963983 as well as my blog post, "Security Advisory 2963983, IE Zero-Day Vulnerability", which includes additional references.

Corrine
Apr 28, 2014 #2

Microsoft Internet Explorer Use-After-Free Vulnerability Guidance | US-CERT

"US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds. Those who cannot follow Microsoft's recommendations, such as Windows XP users, may consider employing an alternate browser."

UK Government officials have also advised using an alternate browser: UPDATE 2-US, UK advise avoiding Internet Explorer until bug fixed: Thomson Reuters Business News - MSN Money

Google Chrome and Mozilla Firefox (as well as Pale Moon) run on Windows XP and will receive security fixes until at least April 2015.

Corrine
May 1, 2014 #3

An out-of-band security update is being released today. In a surprising move, Microsoft has indeed decided to issue an update for Windows XP users!

MSRC Blog Post: Out-of-Band Release to Address Microsoft Security Advisory 2963983

Corrine
May 1, 2014 #4

The update has been released. See Out of Band Security Update for IE Zero-Day Vulnerability