Vulnerability Protection

Security Update for Internet Explorer

Details
Report ID: MS201405001
Date Published: 2 May 2014
Date Revised:  
Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Internet Explorer 11
Internet Explorer 10
Internet Explorer 9
Internet Explorer 8
Internet Explorer 7
Internet Explorer 6

Summary

Microsoft has released a security update that addresses a critical vulnerability in versions 6 to 11 of the Internet Explorer web browser. There have been reports of targeted attacks against this vulnerability in the wild.

Detailed Description

A vulnerability (CVE-2014-1776) in the way Internet Explorer accesses an object in memory that has been deleted or improperly allocated can corrupt the memory and allow an attacker to execute arbitrary code in Internet Explorer in the context of the current user.

Successful exploitation may gain the attacker the same user rights as the current user; if the user has full administrative privileges on the system, the attacker may gain complete control of the system.

CVE Reference

  • CVE-2014-1776

Solution

Install the latest security patch for applicable systems, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms14-021)

Source

Microsoft Security Bulletin MS14-021