Security Advisory 2887505 and Microsoft Fix it

[Corrine]

Microsoft released Security Advisory 2887505 which relates to an issue with Internet Explorer.

It is important to note that there are a limited number of targeted attacks which are specifically directed at Internet Explorer 8 and 9. The issue, however, could potentially affect all supported versions of IE.

As described by Dustin Childs in the below-referenced MSRC Blog post,

"This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type. This would typically occur when an attacker compromises the security of trusted websites regularly frequented, or convinces someone to click on a link in an email or instant message."

Links to the Microsoft Fix it for IE 8 and IE9 as well as additional mitigations and references are available in my blog post at Security Advisory 2887505 and Microsoft Fix it.

 

[Corrine]

Note: The Fix it solution applies only 32-bit versions of Internet Explorer.

 

[Temmu]

thanks corrine!
interesting to see that solution ahead of a patch.

 

[Corrine]

Microsoft has done that before between patch Tuesdays. Since it was reported that there are a limited number of targeted attacks directed at Internet Explorer 8 and 9, it was a good move to get the Fix it out ASAP.