What happened?
in its Patch Tuesday for March. Microsoft issued 18 security fixes for lntemet Explorer. some of which were marked as critical. The most urgent fix was for a zero—day-Vulnerability in Internet Explorer 9 and 10. It was spotted on 13 February by security company FireEye (http://bit.ly/1AuxA0u), and left unpatched by Microsoft for a month. although the company did issue a temporary ‘Fix it’ solution and advised users to upgrade to Internet Explorer 11, which wasn‘t at risk.
The flaw had already been exploited by hackers. who targeted the US website Veterans of Foreign Wars (http://bit.ly/1ui6OIN)
which is popular with military or ex—military personnel. This type of
hack — when criminals target a website only visited by a particular
group of people - is known as a waterhole attack.
Microsoft
said that hackers could have used the flaw to carry out a remote code
execution. a common form of attack that lets them access your PC if you
visit an infected website.
This
Patch Tuesday was the second successive to contain a batch of IE fixes.
In February. Microsoft patched 24 vulnerabilities in the browser, which
remains the company’s most attacked product. Microsoft will its final
Patch Tuesday for Windows XP on 8 April.
What should I do?
lf
you have “automatic updating" turned on in Windows, you don't need to
do anything. To check, in Windows Vista, 7 and 8 go to the Start menu,
Control Panel, ‘System and Security’, then ‘Turn automatic updating on
or off’.
Make
sure ‘Install updates automatically (recommended)' is selected. In XP,
Click the Start button, All Programs, then Windows Update. Visit the
support page to team how to install updates manually(http://bit.ly/1uud27y). For more information on these IE patches. read Microsoft’s Security Bulletin for March(http://bit.ly/ZfIlrY) . You should also read the blog post from the Microsoft Security Response Center(http://bit.ly/1rAz5p4).
No comments: