The tech giant issues a permanent patch for a known exploit that was possibly used by cybercriminals and hackers over the last few months. October 8, 2013 7:06 PM PDT Microsoft's risk and impact graph showing an aggregate view of October's Severity and Exploitability Index. (Credit: Microsoft) In its security update for this month, Microsoft has patched a critical Internet Explorer vulnerability that possibly exposed users to malware and hacks for the last three months. The permanent patch is for an exploit known as CVE-2013-3893, which had the capability to work its way into all supported versions of Internet Explorer. Microsoft announced the existence of the vulnerability in September and released a downloadable "Fix It" tool until the permanent patch was ready. Related stories Microsoft pays out $28K to IE 11 exploit hunters ExploitShield becomes Malwarebytes Anti-Exploit Google plans to wipe child porn from the Web Google push for faster zero day fixes hits a wall: Other companies As Schmidt speaks of caution, Google Glass gets hacked "The most severe vulnerabilities could allow remote code execution if a customer views a specially crafted webpage using Internet Explorer," Microsoft's Dustin Childs wrote in a blog post on Tuesday. "An attacker who successfully exploited these vulnerabilities could gain the same rights as the current user running Internet Explorer." The new update with the permanent patch, dubbed MS13-080, fixes 10 issues within Internet Explorer. In addition to patching the Internet Explorer vulnerability, Microsoft also issued three other critical bulletins and four important ones. All of the bulletins together target 26 different vulnerabilities in Windows, Internet Explorer, SharePoint, .NET Framework, Office, Silverlight, and more.
The tech giant issues a permanent patch for a known exploit that was possibly used by cybercriminals and hackers over the last few months.
Microsoft's risk and impact graph showing an aggregate view of October's Severity and Exploitability Index.
(Credit: Microsoft)
In its security update for this month, Microsoft has patched a critical Internet Explorer vulnerability that possibly exposed users to malware and hacks for the last three months.
The permanent patch is for an exploit known as CVE-2013-3893, which had the capability to work its way into all supported versions of Internet Explorer. Microsoft announced the existence of the vulnerability in September and released a downloadable "Fix It" tool until the permanent patch was ready.
Related stories
- Microsoft pays out $28K to IE 11 exploit hunters
- ExploitShield becomes Malwarebytes Anti-Exploit
- Google plans to wipe child porn from the Web
- Google push for faster zero day fixes hits a wall: Other companies
- As Schmidt speaks of caution, Google Glass gets hacked
"The most severe vulnerabilities could allow remote code execution if a customer views a specially crafted webpage using Internet Explorer," Microsoft's Dustin Childs wrote in a blog post on Tuesday. "An attacker who successfully exploited these vulnerabilities could gain the same rights as the current user running Internet Explorer."
The new update with the permanent patch, dubbed MS13-080, fixes 10 issues within Internet Explorer.
In addition to patching the Internet Explorer vulnerability, Microsoft also issued three other critical bulletins and four important ones. All of the bulletins together target 26 different vulnerabilities in Windows, Internet Explorer, SharePoint, .NET Framework, Office, Silverlight, and more.
