A flaw in Internet Explorer 6 and 7 that allows hackers to run any program remotely on a PC without the user's knowledge will not be fixed in Microsoft's security update this month.
Compared to last month's bumper update that fixed a record 49 bugs, November's Patch Tuesday, which will be issued next week, will only fix 11 vulnerabilities via three bulletins.
The patch for Office for Windows is rated "critical" while the patches for Office for Mac 2011 and Forefront Unified Access Gateway have been labeled "important."
According to Symantec, Hackers use an email with a link that when clicked on identifies whether the web user's browser is IE6 or IE7. If so, the script transfers the visitor unknowingly to a malicious website where the malware infects their PC, subsequently allowing hackers to run programs remotely. Microsoft has urged users to upgrade from IE6.
More: http://www.pcworld.com/article/209866/
Compared to last month's bumper update that fixed a record 49 bugs, November's Patch Tuesday, which will be issued next week, will only fix 11 vulnerabilities via three bulletins.
The patch for Office for Windows is rated "critical" while the patches for Office for Mac 2011 and Forefront Unified Access Gateway have been labeled "important."
According to Symantec, Hackers use an email with a link that when clicked on identifies whether the web user's browser is IE6 or IE7. If so, the script transfers the visitor unknowingly to a malicious website where the malware infects their PC, subsequently allowing hackers to run programs remotely. Microsoft has urged users to upgrade from IE6.
More: http://www.pcworld.com/article/209866/