The first Patch Tuesday of the year will bring a total of seven different updates created to fix vulnerabilities in 12 software solutions developed by Microsoft.
While information on these bugs is pretty limited for the time being, Microsoft did reveal that almost all Windows versions currently on the market will receive fixes, including Windows RT, the company’s very own operating system aimed at tablet devices.
According to Microsoft’s advance notification for January 2013, both Windows 8 and Windows 7 will receive critical updates today.
Surprisingly, Microsoft won’t patch the recently discovered Internet Explorer 8 flaw that allows attackers to get control of a vulnerable system.
Instead, the company has decided to go for a one-click “Fix it” tool that configures users’ browsers and operating systems to stay on the safe side.
“In a web-based attack scenario, an attacker could host a website that co ntains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability,” Microsoft said in a security advisory.
A security company, however, has already managed to bypass the “Fix it” patch and compromised a system running the vulnerable Internet Explorer 8 browser.
Microsoft said it’s still working on a security update for its three-year old browser, but in the meantime, security vendors across the world recommend users to switch to a third-party browser, or at least, to move to a newer Internet Explorer version.
Even though the company has decided to skip Patch Tuesday for an Internet Explorer fix, the security update is very likely to be released in a couple of weeks, as more reports concerning compromised websites are emerging all over the web.
0 komentar:
Posting Komentar