Microsoft April Patch Tuesday Fixes (Some) IE Flaws
Page 1 of 1
Microsoft's April Patch Tuesday update, delivers fixes for 14 CVEs spread across nine security bulletins.
Though Microsoft is patching a good number of flaws, it is not patching vulnerabilities that were publicly demonstrated at the Pwn2Own 2013 event in March.
Though Microsoft is not patching for the Pwn2Own flaws, it is providing a critical patch for a pair of other flaws in IE. The MS13-028 bulletin details two flaws that both employ use-after-free vulnerabilities. In a use-after-free vulnerability, allocated memory can potentially be used by an attacker to execute malicious code.
The Google Security Team reported both of the use-after-free flaws to Microsoft. Google is no stranger to use-after-free flaws and frequently patches them in its own Chrome browser.