Microsoft Issues Out-of-Cycle Patch for IE

Microsoft today released a security patch, outside its normal schedule, for versions 6, 7, and 8 of its Internet Explorer browser, to fix a recently discovered  Critical vulnerability that is being actively exploited.  According to Microsoft’s Security Bulletin [MS13-008], the vulnerability stems from a memory management error in the browser, which can cause memory corruption, leading to the execution of arbitrary code in the context of the current user.  The Security Bulletin [MS13-008] contains more information, and download links for the relevant patches.  Microsoft says that applying the patch will require a system restart.  Microsoft has also added information on this new bulletin to its Microsoft Security Bulletin Summary for January 2013, which also continues to contain information on the patches released on the usual schedule last Tuesday, January 8.

This is a serious security flaw, particularly for desktop clients, and I urge you to update your systems as soon as you can.

Update Monday, 14 January, 16:47 EST

There is a Microsoft Knowledge Base article (KB 2799329) that contains some additional information.

Comments are closed.

%d bloggers like this: