Microsoft: One less bug fixed on Patch Tuesday

Microsoft: One less bug fixed on Patch Tuesday

Summary: Microsoft has updated one of their security bulletins with the news that one of the vulnerabilities listed in it wasn't actually patched.

TOPICS: Security, Microsoft

Microsoft on Thursday updated one of the security bulletins they released on Tuesday. MS13-080, a cumulative update for Internet Explorer, previously listed 10 vulnerabilities, and now lists only nine.


The vulnerability is CVE-2013-3871, and was described in the original bulletin as a memory corruption vulnerability, with this vague elaboration:

Remote code execution vulnerabilities exist when Internet Explorer improperly accesses an object in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

The other none vulnerabilities are also memory corruption vulnerabilities.

A notice sent on a mailing list from Microsoft said that including the vulnerability in the bulletin was an error, and that it was not, in fact, included in the MS13-080 update code. "CVE-2013-3871 is scheduled to be addressed in a future security update. "

The original version (thank you Wayback Machine) also credits Simon Zuckerbraun, working with HP's Zero Day Initiative, for reporting the vulnerability to Microsoft. 

Topics: Security, Microsoft

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • as they say

    An leaky bucket will always leak. If you don't like that, get another bucket without holes.

    For the time and money Microsoft has spent "patching" this junk code, they could have hired quality programmers and written all of IE from scratch.. few times already.
    Or maybe not...
    • ...

      Only two things are infinite, the universe and human stupidity, and I'm not sure about the former

      Albert Einstein.
      • This thread was not found to be Irony Deficient

        - iFDA
    • Errrrr

      If you are so anti-Microsoft, why are you reading this story then.
      If you are so thrilled with [let's say Chrome], talking buggy, Chrome browser v30 fixes FIFTY vulnerabilities that existed in v29. Piece of crap software - it should be rewritten. - And this is after 25 vulnerabilities in v29 were fixed. Pathetic.
  • Re: "thank you Wayback Machine"

    Those are handy to have.

    Mine is old but reliable, as it was manufactured in Chicago but shuffled off to Buffalo.