Risks

Advisories

Browse

US-CERT Technical Cyber Security Alert - Microsoft Releases Update for Internet Explorer Vulnerability CVE-2012-4792 (US-CERT Alert TA13-015A)

National Cyber Awareness System

US-CERT Alert TA13-015A
Microsoft Releases Update for Internet Explorer Vulnerability CVE-2012-4792

Original release date: January 15, 2013
Last revised: --

Systems Affected

     * Microsoft Internet Explorer 6
     * Microsoft Internet Explorer 7
     * Microsoft Internet Explorer 8


Overview

   Microsoft has released Security Bulletin MS13-008 to address the
   CButton use-after-free vulnerability (CVE-2012-4792).


Description

   Microsoft Internet Explorer versions 6, 7, and 8 are susceptible to
   a use-after-free vulnerability. This vulnerability is being
   actively exploited in the wild. Microsoft has released Security
   Bulletin MS13-008 to address this vulnerability.

   Additional information is available in Vulnerability Note
   VU#154201.


Impact

   A remote, unauthenticated attacker could execute arbitrary code,
   cause a denial of service, or gain unauthorized access to your
   files or system.


Solution

   US-CERT recommends that Internet Explorer users run Windows Update
   as soon as possible to apply the MS13-008 update.


Revision History

  January 15, 2013: Initial release

 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "TA13-015A Feedback VU#154201" in
   the subject.
 ____________________________________________________________________

   Produced by US-CERT, a government organization.
 ____________________________________________________________________

This product is provided subject to this Notification:
http://www.us-cert.gov/privacy/notification.html

Privacy & Use policy:
http://www.us-cert.gov/privacy/

This document can also be found at
http://www.us-cert.gov/cas/techalerts/TA13-015A.html

For instructions on subscribing to or unsubscribing from this
mailing list, visit http://www.us-cert.gov/cas/signup.html

Spotlight

IT security jobs: What's in demand and how to meet it

Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.

Is Microsoft is reading your Skype communications?

Posted on 15 May 2013. | The question of whether Skype allows U.S. intelligence and law enforcement agencies to access the communications exchanged by its users has still not been adequately answered by Microsoft.

Internet Explorer best at blocking malware

Posted on 14 May 2013. | While Chrome’s malware download protection improved significantly, Internet Explorer 10 continues to outperform the other browsers with a block rate of 99.96%.

Researcher refuses to help Saudi telco to spy on people

Posted on 14 May 2013. | You would think that a Saudi Arabian telecom firm interested in monitoring its users' mobile communications would not be asking a well-known pro-privacy researcher for help, but you would be wrong.

Malicious browser extensions are hijacking Facebook accounts

Posted on 13 May 2013. | Facebook users - especially those in Brazil - are being targeted with malicious browser extensions trying to hijack Facebook profiles, warns Microsoft.

Daily digest

By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.

Weekly newsletter

With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.

DON'T
MISS
Fri, May 17th

17 May 2013.

Data stealing attacks using fake attachments

17 May 2013.

A look into the EC Council hack

16 May 2013.

Thoughts on the need for anonymity

16 May 2013.

Researchers reveal OpUSA attackers' MO

15 May 2013.

How to get a job in information security