Microsoft drops surprise IE patch, fixes under-attack Windows zero-day

Summary: Patch Tuesday: Redmond ships nine bulletins to fix 16 dangerous security holes in Microsoft Windows, Internet Explorer, Visual Basic for Applications, and Microsoft Office.

By Ryan Naraine for Zero Day | July 10, 2012 -- Updated 19:25 GMT (12:25 PDT)

Microsoft today released a critical security patch to cover a zero-day flaw that was being used by "nation-state attackers" to hijack Gmail accounts.

The vulnerability, originally disclosed on June 13, affects Microsoft XML Core Services and can be exploited to launch remote code execution attacks if a Windows user simply surfs to a maliciously crafted website using Internet Explorer.


Find out more.. Microsoft drops surprise IE patch, fixes under-attack Windows zero-day | ZDNet