This alert comes courtesy of the US-CERT National Cyber Awareness System and we highly recommend you apply the patches provided by Microsoft to protect your Internet Explorer browser immediately. Hackers are currently using the browser vulnerability to exploit systems.
In addition to patching your systems, we recommend a bit of common sense, such as not visiting links which are sent to you in email that look suspicious. If it looks strange, it probably is.
—
National Cyber Awareness System
US-CERT Alert TA12-265A
Microsoft Releases Patch for Internet Explorer Exploit
Original release date: September 21, 2012 Last revised: —
Systems Affected
* Microsoft Internet Explorer 6
* Microsoft Internet Explorer 7
* Microsoft Internet Explorer 8
* Microsoft Internet Explorer 9
Overview
Microsoft has released Security Bulletin MS12-063 to address the use-after-free vulnerability that has been actively exploited this past week.
Description
Microsoft Internet Explorer versions 6, 7, 8, and 9 are susceptible to a use-after-free vulnerability. This vulnerability is being actively exploited in the wild. Microsoft has released Security Bulletin MS12-063 to patch this vulnerability and four others.
This vulnerability was previously mentioned in US-CERT Alert TA12-262A. Additional information is available in US-CERT Vulnerability Note VU#480095.
Impact
A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
Solution
US-CERT recommends that Internet Explorer users run Windows Update as soon as possible to apply the MS12-063 patch.
References
* Microsoft Security Bulletin MS12-063
<http://technet.microsoft.com/en-us/security/Bulletin/MS12-063>
* US-CERT Alert: Microsoft Security Advisory for Internet Explorer Exploit
<http://www.us-cert.gov/cas/techalerts/TA12-262A.html>
* Microsoft Windows Update
<http://go.microsoft.com/fwlink/?LinkID=40747>
* US-CERT Vulnerability Note VU#480095
<http://www.kb.cert.org/vuls/id/480095>
Revision History
September 21, 2012: Initial release
—
As always, if you require assistance applying these security patches or have questions about your Greenville / Upstate, SC business computer and network security, please call us at 864.990.4748 or use the contact link in the menu above.