Well how many does that leave unpatched? 30+ if I remember correctly from the PivX page that got taken down mysteriously.
Microsoft on Tuesday released a “critical” Internet Explorer update that fixes 10 vulnerabilities in the Web browser, including a high-profile bug that is already being used in cyberattacks.
The Redmond, Wash., software giant sent out the IE megafix as part of its monthly Patch Tuesday cycle of bulletins. In addition, Microsoft delivered two bulletins for “critical” Windows flaws, one for an “important” vulnerability in Outlook Express and one for a “moderate” bug in a component of FrontPage and SharePoint.
I think this whole Patch Tuesday is a stupid idea in itself, why can’t they release patches for critical vulnerabilities ASAP?
Some pretty scary news though eh? For normal users anyway.
Eight of the 10 vulnerabilities repaired by the IE update could be abused to gain complete control over a Windows computer running vulnerable versions of the Web browser.
Apparently they say, only one has been used…the one we talked about previously (The CreateTextRange Exploit).
According to Microsoft’s bulletin, three of the 10 vulnerabilities fixed by the update had been publicly disclosed. Only the CreateTextRange flaw was being exploited in attacks, the software maker said.
Basically you can get complete control of the machine just by getting a user to visit a maliciously built web page, good stuff!
- OpenVAS 7 Released – Open Source Vulnerability Scanner
- Google Leaves Android Users Vulnerable To WebView Exploit
- pwntools – CTF Framework & Exploit Development Library
- 3Com’s TippingPoint Finds New IE Vulnerabilities
- Microsoft Unleashes Record Breaking Patch Tuesday – April 2011
- Microsoft Plugs 11 Serious Flaws in December Update
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 228,902 views
- AJAX: Is your application secure enough? - 119,308 views
- eEye Launches 0-Day Exploit Tracker - 85,157 views