Monday, 2 November 2015

Forgotten Explorer Vulnerability In Windows 10 Still Patched

Microsoft has previously forgotten vulnerability in Internet Explorer for Windows 10 yet patched. On October 13 released Microsoft Security Bulletin MS15-106 for several critical vulnerabilities in Internet Explorer that could allow an attacker the underlying system could take over completely.

Several of the vulnerabilities were corrected by the Zero Day Initiative (ZDI) of security firm TippingPoint reported to Microsoft. Researchers can at ZDI sell vulnerabilities fee, and TippingPoint notifies the responsible supplier. Next, details of the vulnerability published as the supplier has solved the problem, or has not complied with the deadline of the ZDI.

In this case, made ​​after the publication of the TippingPoint Security Bulletin MS15-106 know that Microsoft is a critical vulnerability in Internet Explorer 11 for Windows 10 had composed, designated as CVE-2015-6045. The vulnerability, however, was not mentioned in the Microsoft Security Bulletin itself, what questions on Twitter made. TippingPoint then pulled the own publication about the vulnerability away.

It now appears that Microsoft had not patched the vulnerability. Thursday appeared namely a new version of the Microsoft Security Bulletin which announces that a new cumulative update was released CVE-2015-6045 in which it is resolved. The update is only for Windows 10, which also need to install the new update. On most systems, however, this happens automatically.

No comments:

Post a Comment