Alert

Microsoft Security Advisory (2934088)

As per Dustin Childs @ the Microsoft Security Response Center (MSRC):

19 Feb 2014 3:10 PM

Today, we released Security Advisory 2934088 regarding an issue that impacts Internet Explorer 9 and 10. Internet Explorer 6, 7, 8 and 11 are not affected. At this time, we are only aware of limited, targeted attacks against Internet Explorer 10. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.

As part of the security advisory, we have also included an easy, one-click Fix it to address the known attack vectors. The Fix it is available to all customers and helps prevent known attacks that leverage the vulnerability to execute code and should not affect your ability to browse the web. Additionally, applying the Fix it does not require a reboot. We encourage all customers using Internet Explorer 9 and 10 to apply this Fix it to help protect their systems. The Security Research and Defense blog provides greater technical insight into the issue and how the Fix it helps protect customers.

Internet Explorer 11 is not affected by this issue, so upgrading to this version will also help protect customers from this issue.

Continued : http://blogs.technet.com/b/msrc/archive/2014/02/19/microsoft-releases-security-advisory-2934088.aspx

See:
Microsoft Security Advisory 2934088 - Vulnerability in Internet Explorer Could Allow Remote Code Execution
Fix it tool available to block Internet Explorer attacks leveraging CVE-2014-0322

* * * * * * * * *
Note:
In the Microsoft Advisory 2934088 (Suggested Actions > Workarounds) and Security Research and Defense blog, the Enhanced Mitigation Experience Toolkit (EMET) is also suggested as an effective way to block the targeted attacks.

Discussion is locked
Follow
Reply to: Microsoft Security Advisory (2934088)
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Microsoft Security Advisory (2934088)
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments

CNET Forums