Microsoft has pushed out an emergency out-of-band Internet Explorer update, which fixes a critical memory corruption vulnerability (CVE-2015-2502) that is being actively exploited in attacks in the wild.
If they haven't already, Internet Explorer users would do well to implement the security update provided by Microsoft last month, as among the fixed vulnerability is one that is currently being exploited via the popular commercial Angler exploit kit.
After analyzing the leaked data from last week's attack on Hacking Team, Vectra researchers discovered a previously unknown high severity vulnerability in Internet Explorer 11, which impacts a fully patched IE 11 web browser on both Windows 7 and Windows 8.1.
Despite having paid $125,000 for information about an Address Space Layout Randomisation (ASLR) vulnerability affecting Internet Explorer, Microsoft has decided against patching it because they feel it does not affect the default configuration of IE.
This month Microsoft has released 14 new bulletins, 5 of which are rated as Critical, 9 as Important.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.