SweX 871 Posted November 20, 2014 Share Posted November 20, 2014 BY ESET RESEARCH Microsoft released a patch last week for a critical vulnerability allowing remote code execution in Internet Explorer. This vulnerability, known as CVE-2014-6332, and discovered by an IBM X-Force security researcher, is significant because it exploits an old bug present in Internet Explorer versions 3 through 11. This means that most, if not all, Internet Explorer users are vulnerable unless they are using patched systems. It gets worse: the vulnerability not only can be used by an attacker to run arbitrary code on a remote machine, but it can also bypass the Enhanced Protected Mode (EPM) sandbox in IE11 as well as Microsoft’s free anti-exploitation tool, the Enhanced Mitigation Experience Toolkit (EMET). hxxp://www.welivesecurity.com/2014/11/20/first-exploitation-of-unicorn-bug/ Link to comment Share on other sites More sharing options...
TomFace 539 Posted November 20, 2014 Share Posted November 20, 2014 (edited) SweX, do you know if "the patch" was included in the Microsoft 11/12/14 update? I did not closely examine every KB item. Edited November 20, 2014 by TomFace Link to comment Share on other sites More sharing options...
rugk 397 Posted November 20, 2014 Share Posted November 20, 2014 (edited) Yes it was included. For more information have a look at the Security Bulletin. Edited November 20, 2014 by rugk Link to comment Share on other sites More sharing options...
TomFace 539 Posted November 21, 2014 Share Posted November 21, 2014 Thank you rugk. Link to comment Share on other sites More sharing options...
Recommended Posts