Microsoft's Patch Tuesday Resolves Security Flaws in Internet Explorer

Microsoft has patched four privately disclosed vulnerabilities and one publicly disclosed vulnerability in Internet Explorer (IE). The security update resolves the use-after-free bug that was successfully exploited during the Pwn2Own contest.

Albuquerque, NM (April 14, 2011) - Microsoft mitigated 64 vulnerabilities in the latest Patch Tuesday. In all, Microsoft released 17 security bulletins. The gigantic security update by the developer also includes patches for four privately disclosed vulnerabilities and one publicly disclosed vulnerability in Internet Explorer (IE). The company has rated the update as critical for IE6, IE7 and IE8 on Windows clients and moderate for IE6, IE7 and IE8 on Windows servers. The security flaws do not affect IE9. The security flaws could allow remote code execution if the user views a specially crafted malicious web page in IE. Exploitation of the security flaws could enable the attacker to gain the same rights as those of the user account. The update improves the way IE manages objects in memory, and content and script during some processes.

One of the five vulnerabilities mitigated is a use-after-free bug, which was successfully exploited by security researcher Stephen Fewer in the Pwn2Own contest at the CanSecWest conference held earlier this year. Fewer, associated with Harmony Security, used three vulnerabilities to exploit the browser and escape its protected mode. Microsoft is working to resolve the other two vulnerabilities, a heap address leak and a protected mode bypass, exploited by the Ireland-based security researcher. The use-after-free bug and information leak vulnerabilities do not affect IE9, as the issue was identified through fuzzing and resolved by the company's professionals during the development of version 9.

Security flaws in software are common. IT professionals are required to regularly update their skills by attending security conferences, webinars and undertaking online IT degree programs.

Developers encourage researchers to identify and report vulnerabilities before cybercriminals can exploit them. Some of the mitigated vulnerabilities were reported by security researchers affiliated with Google and VeriSign. A proactive approach is crucial to deal with the ever-growing cyber threats. Professionals qualified in secure programming, IT degree programs and penetration testing may help software developers in timely identification and mitigation of security flaws.

Microsoft releases security updates on the second Tuesday of every month. Security experts have advised users to immediately apply the patches provided by the company in the mega security update. Internet users must use genuine software and enable automatic updating to allow automatic download and installation of security updates. Users must resist the tendency to use pirated and cheap software, as it adversely affects the functioning of the computer system. Use of counterfeit software also deprives users of the opportunity to benefit from regular security updates and recommendations from software developers. They must also refrain from opening e-mail attachments received from suspicious and unknown sources. They must install and update security solutions to safeguard computers against malware and other malicious downloads. Employees could be made aware of the security threats through regular huddle sessions, e-learning programs and encouragement to undertake online IT courses on cyber security. Organizations must restrict user rights on computer systems to avoid execution of malicious code and compromise of confidential information. Security professionals must keep track of the security updates and threat alerts to identify and apply relevant patches.

Contact Press

Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

