Microsoft: One less bug fixed on Patch Tuesday

Summary:Microsoft has updated one of their security bulletins with the news that one of the vulnerabilities listed in it wasn't actually patched.

Microsoft on Thursday updated one of the security bulletins they released on Tuesday. MS13-080, a cumulative update for Internet Explorer, previously listed 10 vulnerabilities, and now lists only nine.

windows-update

The vulnerability is CVE-2013-3871, and was described in the original bulletin as a memory corruption vulnerability, with this vague elaboration:

Remote code execution vulnerabilities exist when Internet Explorer improperly accesses an object in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

The other none vulnerabilities are also memory corruption vulnerabilities.

A notice sent on a mailing list from Microsoft said that including the vulnerability in the bulletin was an error, and that it was not, in fact, included in the MS13-080 update code. "CVE-2013-3871 is scheduled to be addressed in a future security update. "

The original version (thank you Wayback Machine) also credits Simon Zuckerbraun, working with HP's Zero Day Initiative, for reporting the vulnerability to Microsoft. 

Topics: Security, Microsoft

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.