On Tuesday, Microsoft routinely push the September security patches, a total of 13, mainly for the affected Windows, Office and IE vulnerabilities, but today, the company has added a new security patches, mainly for IE8 and IE9.
Microsoft said in its official blog, the vulnerability exists in IE has been deleted or the memory of a rational allocation of access to the object, currently only IE8 and IE9 have been affected, but does not exclude other affected versions of IE future possibilities.
Given Windows Server 2003, Server 2008, and 2008 R2, IE are running in “Enhanced Security Configuration Mode” (Enhanced Security Configuration), the vulnerability of their impact will not be great. However, in other versions of Windows IE8 and IE9, very susceptible.
Now Microsoft has released a code “CVE-2013-3893 MSHTML Shim Workaround” temporary patch to fix this vulnerability. In addition, Microsoft also recommends that users of the browser security settings to “High” to block ActiveX controls and any dynamic scripts.
In addition, Microsoft said the company will next month’s “Patch Tuesday” (or under an upgrade cycle) give the complete security updates.