(MS15-124)Microsoft Internet Explorer Remote Memory Corruption Vulnerability

Summary

    Microsoft Internet Explorer is a web browser.

    There is a  Remote Memory Corruption Vulnerability in Microsoft Internet Explorer 7 - 11. When the Internet Explorer visit memory object incorrect, triggering the vulnerability. An attacker constructed a malicious website, then cheat users to visit it.Successful use of the vulnerability of the attacker can get the same permissions as the current user, if the current user own the rights of management, an attacker can complete control of the affected system. Optional installation program, view, change or delete the data, and even create new accounts with the highest user permissions.

    Vulnerability contains: CVE-2015-6159 CVE-2015-6160 CVE-2015-6140 CVE-2015-6142 CVE-2015-6143 CVE-2015-6147 CVE-2015-6149 CVE-2015-6150 CVE-2015-6152


Solution

    1. Microsoft company aim at the vulnerability has been providing any patches and upgrade procedures, recommend the use of the user of the product in a timely manner to the manufacturer's home page for the latest version:http://technet.microsoft.com/en-us/security/bulletin/ms15-124;

     2. If you have purchased NGAF appliance, update IPS signature database to above version 20151218 .