Site icon IT World Canada

Microsoft releases critical IE 8 patch

Microsoft Inc. is advising users of its Internet Explorer 8 to immediately apply a critical patch which it released Tuesday along with nine other fixes for the browser.

The IE 8 security bulletin MS13-038 is meant to address a vulnerability in the browser which attackers used in controlling the Web page of the United States Department of Labour earlier this month in an attempt to install malware on in the machine of site visitors.

Microsoft last week issued a temporary fix for that vulnerability.

RELATED CONTENT

Microsoft’s patch Tuesday tackles Windows 8 flaws

Users of Windows Serer 2012 were also advised by Microsoft to install MS 13-039. It is meant to fix a flaw in the Microsoft Web IIS (Internet Information Services) that could be used in a Denial of Service Attack (DoS) with the use of an HTTP (hypertext transfer protocol) jacket.

The vulnerability makes it easy launch such a DoS attack and that the method could be used by hackers as early as next week, according to some security experts.

DoS attacks are considered second or third tier risks but they could be very disruptive to an organization, said Ross Barrett, senior manager of security engineering at security firm Rapid7. He said many remote services and Active Directory integrators rely on http systems.

Another security bulletin MS 13-037 released on Patch Tuesday, deals with 11 issues that make it easy to inject malicious code into Internet Explorer from specially crafted Web pages that allow attackers to control the PC of visitors.

The remaining patches were not critical. They address bugs in Microsoft Lync, MS Publisher, Word, Visio, Windows Essential, .Net and the Windows kernel

Read the whole story here

Exit mobile version