New Critical MEGApatch fixes 10 Vulnerabilities in Internet Explorer


Well how many does that leave unpatched? 30+ if I remember correctly from the PivX page that got taken down mysteriously.

Microsoft on Tuesday released a “critical” Internet Explorer update that fixes 10 vulnerabilities in the Web browser, including a high-profile bug that is already being used in cyberattacks.

The Redmond, Wash., software giant sent out the IE megafix as part of its monthly Patch Tuesday cycle of bulletins. In addition, Microsoft delivered two bulletins for “critical” Windows flaws, one for an “important” vulnerability in Outlook Express and one for a “moderate” bug in a component of FrontPage and SharePoint.

I think this whole Patch Tuesday is a stupid idea in itself, why can’t they release patches for critical vulnerabilities ASAP?

Some pretty scary news though eh? For normal users anyway.

Eight of the 10 vulnerabilities repaired by the IE update could be abused to gain complete control over a Windows computer running vulnerable versions of the Web browser.

Apparently they say, only one has been used…the one we talked about previously (The CreateTextRange Exploit).

According to Microsoft’s bulletin, three of the 10 vulnerabilities fixed by the update had been publicly disclosed. Only the CreateTextRange flaw was being exploited in attacks, the software maker said.

Basically you can get complete control of the machine just by getting a user to visit a maliciously built web page, good stuff!

Source: News.com

Posted in: Exploits/Vulnerabilities, Windows Hacking

, , , ,


Latest Posts:


tko-subs - Detect & Takeover Subdomains With Dead DNS Records tko-subs – Detect & Takeover Subdomains With Dead DNS Records
tko-subs is a tool that helps you to detect & takeover subdomains with dead DNS records, this could be dangling CNAMEs point to hosting services and more.
Arcane - Tool To Backdoor iOS Packages (iPhone ARM) Arcane – Tool To Backdoor iOS Packages (iPhone ARM)
Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories.
SharpHose - Asynchronous Password Spraying Tool SharpHose – Asynchronous Password Spraying Tool
SharpHose is an asynchronous password spraying tool in C# for Windows environments that takes into consideration fine-grained password policies and can be run over Cobalt Strike's execute-assembly.
Axiom - Pen-Testing Server For Collecting Bug Bounties Axiom – Pen-Testing Server For Collecting Bug Bounties
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line.
Quasar RAT - Windows Remote Administration Tool Quasar RAT – Windows Remote Administration Tool
Quasar is a fast and light-weight Windows remote administration tool coded in C#. Used for user support through day-to-day administrative work to monitoring.
Pingcastle - Active Directory Security Assessment Tool Pingcastle – Active Directory Security Assessment Tool
PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level based on a risk and maturity framework.


Comments are closed.