Pushing Emergency Update for Internet Explorer Vulnerability

By   ISBuzz Team
Writer , Information Security Buzz | Aug 25, 2015 07:00 pm PST

Microsoft has issued an emergency patch for Internet Explorer outside of its Patch Tuesday Monthly schedule following a zero-day vulnerability, dubbed CVE-2015-2502. The vulnerability could allow an attacker to hijack control of your computer via Internet Explorer – just by you visiting a boobytrapped webpage. Lane Thames, Software Development Engineer and Security Researcher at Tripwire gives insight into the vulnerability.

[su_note note_color=”#ffffcc” text_color=”#00000″]Lane Thames, Software Development Engineer and Security Researcher at Tripwire

“Microsoft has released MS15-093, which is an emergency out-of-band (OOB) patch for Internet Explorer (IE). The MS15-093 security update addresses a memory corruption vulnerability (CVE-2015-2502) within IE7 through IE11 that could allow remote code execution if a user visits a website hosting specially crafted webpages. This memory corruption vulnerability exists because IE does not properly manage certain objects in memory. The vulnerability is rated critical for Windows non-Server operating systems. However, the vulnerability is rated moderate for Windows Server platforms including Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. Customers should note that the new “Edge” browser is not affected by this emergency security bulletin.”[/su_note][su_box title=”About Tripwire” style=”noise” box_color=”#336588″]Tripwire logoTripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.[/su_box]

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x