Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
Pwn2Own IE Vulnerabilities Missing from Microsoft Patch Tuesday Updates
Posted by Philipp Esselbach on: 04/09/2013 10:23 PM [ Print | 0 comment(s) ]
Microsoft's monthly Patch Tuesday security updates released today did not include patches for Internet Explorer vulnerabilities used during the Pwn2Own contest one month ago
From Threadpost:
Pwn2Own IE Vulnerabilities Missing from Microsoft Patch Tuesday Updates
“Microsoft works with the security community to protect our customers against all threats and we are investigating possible issues identified by researchers during the Pwn2Own competition. We are not aware of any attacks and the issues should not affect our customers, as Pwn2Own organizers do not publicly disclose the competition’s findings,” said Dustin Childs, group manager, Microsoft Trustworthy Computing.
Today’s IE rollup addresses a pair of critical remote code execution flaws in versions 6-10 the browser. Both are use- after free vulnerabilities that exist in the way IE accesses objects in memory that have been deleted. “These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of a user,” Microsoft said in its advisory MS13-028. Users would have to be lured to a website hosting an exploit via a phishing or spam email, Microsoft said.
Today’s IE rollup addresses a pair of critical remote code execution flaws in versions 6-10 the browser. Both are use- after free vulnerabilities that exist in the way IE accesses objects in memory that have been deleted. “These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of a user,” Microsoft said in its advisory MS13-028. Users would have to be lured to a website hosting an exploit via a phishing or spam email, Microsoft said.
Pwn2Own IE Vulnerabilities Missing from Microsoft Patch Tuesday Updates
