Microsoft's security team announced late December 2010 that it is investigating two proof-of-concept flaws in Microsoft's Web-related software. One of the flaws offers a possible avenue for remote code execution attacks via Internet Explorer (IE). The other flaw could enable denial-of-service attacks by exploiting a vulnerability in Internet Information Services FTP 7.5, which runs as a part of Windows 7 and Windows Server 2008 R2. The IE proof-of-concept flaw potentially affects all versions of Microsoft's Web browser. It supposedly works by bypassing protections normally enabled by Microsoft's address space layout randomization (ASLR) and data execution prevention (DEP) technologies. Microsoft described the problem in a blog post in December 2010, suggesting that users could deploy Microsoft's Enhanced Mitigation Experience Toolkit (EMET) as a workaround.
Source: http://fcw.com/articles/2011/01/04/ecg-microsoft-investigating-ie-and-ftpsecurity-%20flaws.aspx
No comments:
Post a Comment