Modernizing Authentication — What It Takes to Transform Secure Access
An Internet Explorer vulnerability that was patched in this month's Patch Tuesday update is being actively exploited.
"The security bug stems from memory mismanagement in Internet Explorer, or more particularly a use-after-free bug," writes The Register's John Leyden. "Technologies built into the latest versions of Windows -- including DEP (data execution prevention) and ASLR (address-space layout randomisation) -- are meant to make this sort of attack harder but have both come up short in this instance."
"The public availability of exploit code for both of these vulnerabilities increases the chances that they will be exploited in new attacks," writes Computerworld's Lucian Constantin. "Users are advised to install the security patch for CVE-2012-1875 and the Microsoft Fix it tool for CVE-2012-1889 as soon as possible in order to protect themselves."