In light of the recent survey conducted IE flaw, Microsoft released a security bulletin today, KB979352, that the impact of multiple versions of IE vulnerability for remote code execution vulnerability exists in IE, an invalid pointer reference. In particular attack, IE will be released in the visit to allow remote code execution when the object.
Microsoft is an official spokesman said: "Microsoft has been confirmed, IE yes Google Yiji other Zuzhiwangluo one tool being attacked, Gong Si will continue and Google, Other industry Huoban and the co-Lai further investigate this issue. Currently, Microsoft has not see a broader range of users being affected, and only found in IE6 in a limited active attacks using this vulnerability, other versions are not under attack. "
Microsoft said the flaw does not affect Windows 2000 SP4 on IE 5.01 SP4, but the existence of the following versions are found in remote code execution vulnerability: Windows 2000 SP4 on IE6 SP1; Windows XP, Vista, Windows 7, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 on IE6, IE7, IE8.
Microsoft currently has not issued a patch, but provided some emergency measures to alleviate the problem. Microsoft said that after further investigation will be released on Tuesday related to patch patch, or to provide users with non-cyclical safety upgrades.
没有评论:
发表评论