Microsoft delivered a security update to patch a vulnerability found in the browser

Dec 15, 2011 10:45 GMT

On December 13th, Microsoft announced the release of a new set of security updates for its Windows platform and for other products, and one of these was aimed at patching vulnerabilities found in Internet Explorer.

Three vulnerabilities were recently found in Internet Explorer, the most severe of which could allow remote code execution when a user visits a specially crafted webpage using Internet Explorer.

This vulnerability could allow remote code execution when the user opens a legitimate HyperText Markup Language (HTML) file located in the same directory as a specially crafted dynamic link library (DLL) file, the Redmond-based software giant explains.

The vulnerability could have been exploited to run a malicious application on the affected system.

To fix this, Microsoft has pushed a Cumulative Security Update for Internet Explorer (2618444), which included a new version of Internet Explorer 9.

Microsoft explains that the new update was designed to modify the behavior of the Internet Explorer XSS Filter, thus addressing the vulnerability. The update also corrects the manner in which IE loads external libraries and enforces the content settings delivered by the Web server.

“Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights,” Ceri Gallacher, program manager, Internet Explorer, explains.

“This security update is rated Important for Internet Explorer on Windows clients and Internet Explorer 9 for Windows 2008 R2; and Low for Internet Explorer on Windows servers. For more information, see the full bulletin.”

To address the issue, Microsoft has started to deliver the aforementioned software update to users, and most of them should have already received it, as long as they have automatic updating enabled on their PCs.

“We recommend that administrators, enterprise installations, and end users who want to install this security update manually, apply the update immediately using update management software or by checking for updates using the Microsoft Update service,” Ceri Gallacher continues.

Additional info on this Cumulative Security Update for Internet Explorer (2618444) can be found in the Microsoft Security Bulletin MS11-099.