CERT mailing list archives

Current Activity - Microsoft Releases Security Advisory for Internet Explorer

From: Current Activity <us-cert () us-cert gov>
Date: Fri, 21 Sep 2012 15:22:30 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Awareness System

US-CERT Current Activity
Microsoft Releases Security Advisory for Internet Explorer

Original release date: September 19, 2012
Last revised: September 21, 2012

Microsoft has released Security Advisory 2757760 to address a
vulnerability in Microsoft Internet Explorer 6, 7 , 8, and 9. This
vulnerability may allow an attacker to execute arbitrary code if a user
accesses specially crafted HTML documents (e.g., a web page or an HTML
email message or attachment).

US-CERT encourages users and administrators to review Microsoft Security
Advisory 2757760. This advisory indicates that the workaround does not
correct the vulnerability, but it may help mitigate the risk against
known attack vectors.

Additional information regarding CVE-2012-4969 can be found in the US-
CERT Technical Alert TA12-262A and Vulnerability Note VU#480095.

Update: Microsoft has released an out-of-band patch to address this
vulnerability. US-CERT encourages users and administrators to review
Microsoft Security Bulletin MS12-063 and apply any necessary updates to
help mitigate the risk.

Relevant URL(s):
<http://technet.microsoft.com/en-us/security/Bulletin/MS12-063>

<http://www.kb.cert.org/vuls/id/480095>

<http://www.us-cert.gov/cas/techalerts/TA12-262A.html>

<http://technet.microsoft.com/en-us/security/advisory/2757760>


____________________________________________________________________

   Produced by US-CERT, a government organization.
____________________________________________________________________

This product is provided subject to this Notification:
http://www.us-cert.gov/privacy/notification.html

Privacy & Use policy:
http://www.us-cert.gov/privacy/

This document can also be found at
http://www.us-cert.gov/current/#microsoft_releases_security_advisory_for6

For instructions on subscribing to or unsubscribing from this
mailing list, visit http://www.us-cert.gov/cas/signup.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBUFy+bHdnhE8Qi3ZhAQLp2Qf/X7+lqFkCrmMmTr28Zwaufyw0HdqpnqwI
ARBU7+gnsji2zK29Uipdk/0XD6ZjUoD289Q4Sp4HfbUYSDWpbVkwEVjrLajTy6tB
1dUixogmKb28g50EM1FGFSPTvs9TIWMHWzLH35C4v78+lom+jMZscmdKkxduPsdY
ZTstmmtxxLRZ+7RORSGvB6H4/GTkvUVFfvFp66CHmVZl+0jcHjoQ0ksEqYg7qCE9
mMgfOKVFGDJfx4Pp2+43QsIqawx8UwEJVYyZSFQax5YYZxfqKN2BC0k7P77qEe+T
Sr3Bj6k/8tHCAg4U0pn1C9/E9pnryAWEhezagcvK8Oz2KosiniX9QQ==
=qrw3
-----END PGP SIGNATURE-----

Current thread:

Current Activity - Microsoft Releases Security Advisory for Internet Explorer Current Activity (Sep 19)
- <Possible follow-ups>
- Current Activity - Microsoft Releases Security Advisory for Internet Explorer Current Activity (Sep 21)