Microsoft will issue an emergency update to patch a vulnerability in Internet Explorer (IE) in the next two weeks to fix a flaw criminals have been using for more than a month, researchers said Tuesday.
The company will move on the IE6, IE7 and IE8 bug before the next regularly-scheduled Patch Tuesday because of increasing attacks and proof that temporary workarounds can be circumvented.
Over the weekend, it was reported that a hacker had claimed to discover a way to jailbreak a Windows RT device so that it would run non-Windows Store apps on a Windows RT device via a circumvention method. The method was discovered by clokr on Sunday, and and Microsoft immediately responded it was investigating the claims, which were verified.
Active attacks targeting a critical vulnerability in older versions of Microsoft's Internet Explorer browser have been carried out by an experienced gang of hackers. And over the past four years, the group has penetrated the defenses of Google and dozens of other companies using similar zero-day exploits.
Running traditional desktop apps on Windows RT may be one step closer to reality, thanks to a vulnerability that a hacker claims lets you run any desktop app on the ARM version of Windows.
A hacker called 'clrokr' recently detailed the Windows RT exploit, which requires manipulating a part of Windows RT's system memory that governs whether unsigned apps can run. Clrokr says the exploit was possible thanks to a vulnerability in the Windows kernel that was ported to Windows RT.
A researcher has bypassed Microsoft's temporary fix for a zero-day Internet Explorer browser vulnerability that hackers have been exploiting for a month.
The exploit, developed by Peter Vreugdenhil of the vulnerability analysis company Exodus Intelligence, places pressure on Microsoft to release a permanent fix sooner rather than later. The software maker did not include a permanent patch in its advanced notification of seven security updates set for release next week.