Update: US-CERT Records Internet Explorer Security Advisory
An unpatched security hole in Microsoft's Internet Explorer (IE) browser has triggered an advisory that is now recorded with the U.S. Computer Emergency Readiness Team (US-CERT).
Microsoft's security advisory was recorded with US-CERT as VU#493881 on December 11. Vulnerability was found in IE 7, but IE 5.01 SP4, IE 6 and IE 8 Beta2 are also potentially affected. The Vulnerability Note includes a number of possible workarounds.
The actual Security Advisory 961051 from Microsoft also includes the so-called Disable XML Island and Disable Row Position functionality workarounds. The problem came about through an error in the browser's XML parser that can cause IE to exit unexpectedly in a state that is exploitable from a specially prepared website. IE users affected by the bug will need to wait until the next monthly security update from Microsoft.
Update: Microsoft has since released a Security Bulletin Summary so that users don't need to wait until the next monthly update In January. The bulletin with the out-of-band patch covers two security issues, including the XML parser bug described in this article. Microsoft, in their usual fashion, accompanied the to-do with webcasts and advance notification.
Tag Cloud
News
-
Google and NASA Partner in Quantum Computing Project
Vendor D-Wave scores big with a sale to NASA's Quantum Intelligence Lab.
-
Mageia Project Announces Mageia 3 Linux
Many package updates and Steam integration highlight the latest from the Mandriva-based community Linux.
-
FSF Outs the World Wide Web Consortium over DRM Proposal
Richard Stallman calls for the W3C to remain independent of vendor interests.
-
Debian 7.0 Debuts
The new release supports nine architectures, 73 human languages, and zero non-Free components.
-
Alpha Version of Fedora 19 Released
Fedora developers release the first alpha version of Fedora 19, known as Schrödinger’s Cat, for general testing. The final release is expected in July 2013.
-
ack 2.0 Released
ack is a grep-like, command-line tool that has been optimized for programmers to search large trees of source code.
-
SUSE Studio 1.3 Released
New features in SUSE Studio 1.3 include enhanced cloud integration, VM platform support, and lifecycle management.
-
Xen To Become Linux Foundation Collaborative Project
The Linux Foundation recently announced that the Xen Project is becoming a Linux Foundation Collaborative Project.
-
RunRev Releases Open Source Version of LiveCode
Open source version of LiveCode is now available for developing apps, games, and utilities for all major platforms.
-
OpenDaylight Project Formed
OpenDaylight is an open source software-defined networking project committed to furthering adoption of SDN and accelerating innovation in a vendor-neutral and open environment.