We have another IE flaw, one which applies to IE6 though IE11 and officially all versions of Windows since Vista; unofficially it will also effect the non-supported legacy OS versions as well. This particular issue is not a memory overflow but instead is what is referred to as use-after-free which does make it somewhat harder to craft a webpage to take advantage of. Corporate users of the Enhanced Mitigation Experience Toolkit should make sure their users are up to date while the rest of us who are using IE should consider Protected Mode or upping your Security to high. Pop by The Register for a link to the full description of the vulnerability.
"The flaw means the browser “may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer"."
Here is some more Tech News from around the web:
- Watch out! KILLER HP firmware update bricks ProLiant server mobos @ The Register
- Microsoft: The MORE Surfaces it sells, the MORE money it loses @ The Register
- The Hackaday Prize: You Build Open Hardware, We Send You to Space @ Hack a Day
- Lost treasure of Atari REVEALED @ The Register
And as usual M$ only gives
And as usual M$ only gives instructions on their security bulletins for IE 10 and 11, no IE 9 instructions for internet options settings, and I can not use IE 10 or 11, and still us my printer plugins! Why does M$ always break printer plugins when they update IE, looks like M$ should put a disable/enable Flash player button on the menu bar so users can easily disable/enable flash player until they visit a (whitelisted by the user) safe page that the user knows requires flash. Every day is a zero day with M$!
Enable flash player for this page only?, Remember this option Y/N?