/>
X
Innovation

Microsoft: One less bug fixed on Patch Tuesday

Microsoft has updated one of their security bulletins with the news that one of the vulnerabilities listed in it wasn't actually patched.
Written by Larry Seltzer, Contributor on

Microsoft on Thursday updated one of the security bulletins they released on Tuesday. MS13-080, a cumulative update for Internet Explorer, previously listed 10 vulnerabilities, and now lists only nine.

windows-update

The vulnerability is CVE-2013-3871, and was described in the original bulletin as a memory corruption vulnerability, with this vague elaboration:

Remote code execution vulnerabilities exist when Internet Explorer improperly accesses an object in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

The other none vulnerabilities are also memory corruption vulnerabilities.

A notice sent on a mailing list from Microsoft said that including the vulnerability in the bulletin was an error, and that it was not, in fact, included in the MS13-080 update code. "CVE-2013-3871 is scheduled to be addressed in a future security update. "

The original version (thank you Wayback Machine) also credits Simon Zuckerbraun, working with HP's Zero Day Initiative, for reporting the vulnerability to Microsoft. 

Editorial standards

Related

The 19 best Cyber Monday deals under $30
Amazon Fire TV Stick 4K

The 19 best Cyber Monday deals under $30

Live blog: 100+ of the best Cyber Monday deals
Large white Cyber Monday text with electronics behind it

Live blog: 100+ of the best Cyber Monday deals

The 51 best Cyber Monday deals on Amazon right now
Image of Amazon Echo Show 8 on a wooden table in front of a person cooking and folding pastry dough.

The 51 best Cyber Monday deals on Amazon right now