Microsoft Patches Remote Code Execution Hole for Internet Explorer

mask.of.sanity writes: Microsoft has released an out-of-band patch for Internet Explorer versions seven to 11 that closes a dangerous remote code execution flaw allowing attackers to commandeer machines. From their advisory: "An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability." The attack could assist in watering hole and malvertising campaigns. The Windows 10 Edge browser is not impacted.

Re:Really

[Rockets84]

This bug has been around since IE 7? Wow, this just confirms that MS will only patch bugs once others find them and then they have to work on fixing them.

So, what's your point? IE 7 through to 11 use the same Trident layout engine so it stands to reason one security flaw could affect IE 7 through to 11. Heartbleed was in OpenSSL's source for 3.5 years & Shellshock was in BASH since 1989 before anyone found them. Bugs can exist in software for years whether they are open or closed source.