Microsoft today released its monthly Patch Tuesday update, targeting eight vulnerabilities spread across Microsoft's Internet Explorer Web browser, Exchange mail server, SQL database server and Office applications.
At the top of the patch list is Internet Explorer, which is receiving an update rated "Critical" by the company, designed to close a pair of vulnerabilities.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=iMicrosoft identifies the first of the two flaws as an "Uninitialized Memory Corruption Vulnerability." The issue stems from how IE deals with objects that have been deleted. According to the company's advisory, "an attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution."
The second IE issue deals with a memory corruption vulnerability in how the browser handles Cascading Style Sheets, or CSS (define) -- a common layout technology on modern Web sites. Microsoft noted in its advisory that certain types of CSS styles, when loaded by IE, could trigger memory corruption. That corruption could, in turn, potentially enable an attacker to execute arbitrary code.
This article was first published on InternetNews.com.