Computerworld - Microsoft today announced it will deliver seven security updates next week to patch 11 vulnerabilities, including the first that apply to Internet Explorer 10 (IE10), the company's newest browser.
As it did last month, Microsoft will also patch Windows 8, Windows RT and Windows Server 2012, its new desktop, tablet and server operating systems.
Five of the seven updates will be marked as "critical," Microsoft's highest threat ranking, while the remaining pair will be labeled "important," the Redmond, Wash. developer said in an advance warning published today.
Andrew Storms, director of security operations at nCircle Security, put the IE update atop his tentative to-do list. Others did, too, including Paul Henry, a researcher with Arizona-based Lumension.
In an email Thursday, Henry said that the bugs in IE9 and IE10 -- the only versions directly affected -- were "use-after-free" memory management vulnerabilities.
By the IE update's critical label, it's likely that the bug(s) can be exploited by hackers using "drive-by" attacks, those that execute as soon as an unsuspecting user surfs to a malicious or compromised website...
Read full story...