Microsoft release FixIt for IE9/IE10 Zero Day
Microsoft has published a TechNet article detailing the availability of a "FixIt" for the current IE9/IE10 zero day which has been doing the rounds. Corporate users will presumably have to wait until the availability of the patch which Microsoft say will be released during the monthly patching cycle.
Microsoft released Advisory 2934088 : https://technet.microsoft.com/en-us/security/advisory/2934088
They have released a FixIt, another shim fix, that is available for download : https://support.microsoft.com/kb/2934088
Thanks to one of our regulars, and Swa for the overnight heads-up.
Steve Hall
ISC Handler
Keywords:
1 comment(s)
×
Diary Archives
Comments
It's sad that Internet Explorer does not take a few micro-seconds to write "zero" bytes over the range of memory that is to be "deleted", so that any "use-after-free" attempts will never find any "useful" data-values in that range of addresses.
One IBM mainframe operating system that has been creating virtual-machines for over 30 years has a "page-free" interface -- a VM cooperatively telling the hypervisor that a "page" (4Kbytes) of memory has been "forfeited". The hypervisor can react by excluding that page from any RAM-management (no need to "page-out" that block to a swap-disk-drive -- and the next requester of that page of "real" RAM will get a zero'd-out block).
Anonymous
Feb 26th 2014
1 decade ago