Tomado de: http://searchsecurity.techtarget.com
Microsoft said Tuesday that it plans to release a fix for the recently discovered IE zero-day vulnerability.
The fix will be released in the next few days, according to a blog post by Yunsun Wee, director of Trustworthy Computing at Microsoft.
"While we have only seen a few attempts to exploit this issue, impacting an extremely limited number of people, we are taking this proactive step to help ensure Internet Explorer customers are protected and able to safely browse online," he wrote.
The zero-day flaw affects Internet Explorer 6, 7, 8 and 9, according to a security advisory 2757760 issued by Microsoft late Monday.
Security researcher Eric Romang discovered the vulnerability over the weekend. According to researchers at Boston-based Rapid7, users' computers can become infected by visiting a malicious website. They advised users switch browsers until a security fix is available.
The fix Microsoft will release will be easy to use and will provide "full protection against this issue until an update is available," Wee wrote. Until the fix is available, users should follow the mitigations listed in Monday's advisory, he added.
----------------------------------------------------------------------------------------------------------------------------------
Apreciacion Personal
Zero-Day, tambien conocido como "Dia 0" es justamente un periodo de tiempo en el que un software puede ser atacado. Cuando recien se lanza una solucion de software los verdaderos testera, los usuarios, toman posesion de la misma y la posibilidad de errores aumenta. Cuando un hacker finalmente logra encontrar una vulnerabilidad se le conoce como la vulnerabilidad del Zero-Day.
Internet Explorer no ha sido la excepcion esta vez y como sus predesedores, las versiones 6,7,8, la version 9 ha caido tambien con esta vulnerabilidad que a partir del dia de hoy Microsoft empieza a hacerse cargo.
0 comentarios:
Publicar un comentario