Condividi tramite


Microsoft Security Bulletin MS13-008 - Critical

Today, we are releasing an out-of-band security update to fully address the issue described in Security Advisory 2794220. While we have still seen only a limited number of customers affected by the issue, the potential exists that more customers could be affected in the future.

This security update resolves one publicly disclosed vulnerability in Internet Explorer versions 6, 7, and 8. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 and Internet Explorer 10 are not affected. For more information, see the full bulletin.

Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

— Tyson Storey, Program Manager, Internet Explorer

Comments

  • Anonymous
    January 14, 2013
    Anyone still using IE6 or IE7 deserves to get hacked, should have limited this fix to IE8 =p

  • Anonymous
    January 14, 2013
    The comment has been removed

  • Anonymous
    January 14, 2013
    The comment has been removed

  • Anonymous
    January 14, 2013
    The comment has been removed

  • Anonymous
    January 14, 2013
    IE blogs other than English should translate a new report early. Four affairs have accumulated.

  • Anonymous
    January 14, 2013
    I know, I was joking that's why I put =p  Although it would be nice if Microsoft stopped supporting older versions of IE for so long, there's really no reason for anyone to still be using an 11 year old browser.  IE7 is slightly understandable, but still anyone on XP has had nearly 4 years to update to IE8.

  • Anonymous
    January 14, 2013
    Why are the downloads only available in English?  We also need to deploy French.  Pretty annoying.

  • Anonymous
    January 14, 2013
    مشكوور علي البرنامج

  • Anonymous
    January 14, 2013
    @ Windows RT fail: Have you got any links for backing these rumors? I would love to know more.

  • Anonymous
    January 14, 2013
    OMG! the spam filter on this blog is insane! trying again for like the 10th time! @Listener - I don't have any sources willing to go public on it yet but I too have heard the rumors. As for the vendors that have ditched Windows RT there are several and they were very public about it: Samsung: www.electronista.com/.../samsung.joins.hp.toshiba.on.list.of.companies.refuting.rt.at.present Toshiba: www.windowstablet.tv/.../741-toshiba-drops-windows-rt-tablets-in-favor-of-windows-8-tablets (part 1)

  • Anonymous
    January 14, 2013
    The comment has been removed

  • Anonymous
    January 14, 2013
    The comment has been removed

  • Anonymous
    January 15, 2013
    Here is a nice one from blog.jquery.com/.../the-state-of-jquery-2013 Quote: "jQuery 2.0 now has more patches and shims for Chrome, Safari, and Firefox than for Internet Explorer!" Now you know where the really compatible browser is.

  • Anonymous
    January 15, 2013
    just started hope it fine

  • Anonymous
    January 16, 2013
    The comment has been removed

  • Anonymous
    January 16, 2013
    The comment has been removed

  • Anonymous
    January 16, 2013
    using the latest beta version of Fiddler to see if it reveals any additional insight as to why the IE Blog comment form fails to work  85% of the time. this is a quick 30 second turnaround time post

  • Anonymous
    January 16, 2013
    next test... after 3 min... and after opening other blog links into other tabs.

  • Anonymous
    January 16, 2013
    When is IE 10 going to be done for Windows 7?

  • Anonymous
    January 16, 2013
    yup... all 4 delayed tests failed. unfortunately nothing in Fiddler sticks out indicating the issue (cookies, headers, etc.) thus the issue still appears to be 100% squarely to do with the blog software and the famously un-reliable legacy ASP Postbacks. so for the like... hmmm, 5,000th time Microsoft... please fix the blog software or hire someone to do it.

  • Anonymous
    January 16, 2013
    Hi IE team. Great job thus far. I was wondering if there's any plans to improve JavaScript performance on IE10 for ARM devices?

  • Anonymous
    January 16, 2013
    The comment has been removed

  • Anonymous
    January 17, 2013
    The comment has been removed

  • Anonymous
    January 17, 2013
    On a side note, I've been having consistent issues with IE10 Desktop since upgrading to Windows 8. In particular, I'll get randomly hanging tabs, run-away processes (8-10 iexplore.exe processes for just two tabs open... and all tabs seem to be running in the SAME process), and worst is something gets messed up that affects "Open" dialogs badly.  This latter thing is exhibited by trying to do things like select a picture to tweet or upload to facebook... the dialog opens, and all the picture previews (large icons) are black, or just missing.  File type icons even in list/details view are black squares.  The ONLY solution to this is to exit out of IE completely, ensure all iexplore.exe processes are gone (killing any that hang around) and restarting.  Additional symptoms include not being able to see the Facebook command bar at the top of the page (i.e. it's just blank... no notificatinos or anything).  It's THERE, you can see the mouse change as you mouse over the invisible controls, but you can't see anything but white. All of these things happen to me on a fairly regular basis.  I tend to keep IE open, use lots of tabs, and just sleep the laptop between sessions. Anyone else noticing weirdness like this?

  • Anonymous
    January 17, 2013
    The comment has been removed

  • Anonymous
    January 18, 2013
    The comment has been removed

  • Anonymous
    January 18, 2013
    It turns Windows 7. Still more, is IE10 the formal version? Do your best. www.zdnet.com/microsoft-inches-closer-to-delivering-internet-explorer-10-for-windows-7-7000009975

  • Anonymous
    January 18, 2013
    It appears that Opera is switching to Webkit: techcrunch.com/.../operas-new-ice-mobile-browser-launching-in-february-for-android-and-ios-drops-presto-for-webkit So, we are all wondering now if Microsoft will ditch away its Trident stuff soon and embrace Webkit too. That would be great!

  • Anonymous
    January 18, 2013
    IE 10 for windows 7 will be finish in november 2013.

  • Anonymous
    January 19, 2013
    This snippet of code will crash any IE version. Might want to look into fixing this. http://cdpst.net/hhrxouog2

  • Anonymous
    January 19, 2013
    Yes, everyone go webkit!  Absolutely nothing can go wrong with tossing aside all competition!

  • Anonymous
    January 20, 2013
    The comment has been removed

  • Anonymous
    January 20, 2013
    I think your result for tab browsing in ie is wrong! Tab controling in ie 10 is very hard.

  • Anonymous
    January 22, 2013
    Come on Microsoft. Has the IEteam gone to sleep. The article count on this blog has dropped by 50% in de last half of 2012 already en you are now in for a month with only a single article. Last time that happend was in 2007

  • Anonymous
    January 23, 2013
    The comment has been removed

  • Anonymous
    January 24, 2013
    The comment has been removed

  • Anonymous
    January 24, 2013
    It is obvious that the IE team now provides much less info than they did while developing for IE8 and IE9. So we know that it can and should be better than this silent treatment.

  • Anonymous
    January 26, 2013
    The comment has been removed

  • Anonymous
    January 26, 2013
    The comment has been removed

  • Anonymous
    January 27, 2013
    how can i use my hotmail ?

  • Anonymous
    January 27, 2013
    The comment has been removed

  • Anonymous
    January 28, 2013
    @EricLaw - "What, if any, browser add-ons do you have enabled? Do you have 3rd party AV/security software installed?" I have no 3rd party AV/Security software, and no browser add-ons.  It's a relatively fresh install of Windows 8 (upgraded from Windows 7, but "installed as new" instead of upgrade-in-place). This consistently happens ... pages will start rendering weirdly (mostly with missing elements, like Facebook missing the top bar with the notifications and links to profile, security, etc).  When it gets really bad, elements in common Open/Save dialogs will fail to render (black rectangles for pictures when browsing the pictures library, for instance).   When this happens, I'll always notice at least one iexplorer.exe process with over 700MB of memory.  Killing it sometimes will resolve the problem, but most of the time I end up having to completely shut down internet explorer, wait for all processes to die, and then restart. Then things work fine. I tend to leave my IE10 Desktop open for long periods of time, through sleeps/wakes of the laptop, with generally dozens of tabs. I go through this every few days it seems.  At least once a week.

  • Anonymous
    January 28, 2013
    The comment has been removed