Next Tuesday Microsoft to finally fix IE vulnerability
On Tuesday, the 14th of December, Microsoft is planning to fix a, by then six week old, security vulnerability in its Internet Explorer web browser – the vulnerability has been being actively exploited by criminals for several weeks. However, according to Microsoft's observations the number of attacks has so far been very low. The only known exploit is impotent where data execution prevention (DEP) is activated (as it is by default in Internet Explorer 8).
The company is also finally planning to fix the privilege escalation vulnerability in Windows' Task Scheduler which was exploited by Stuxnet to infiltrate systems. Microsoft plans to release a total of 17 bulletins and updates on Tuesday which will resolve 40 security problems. Affected software includes Office, Windows and SharePoint Server.