British killing soft parsing: How important is Microsoft's August IE security patch

Computer Store News: Yesterday, Microsoft practice released the August security update, which has fixed 37 common vulnerabilities, including desktop products such as Windows and Internet Explorer. However, this time IE once again became the protagonist, accumulating 26 memory overflow vulnerabilities, and even attracted the attention of foreign security vendors.

Today, the official blog of British security vendor Sophos introduced the details of Microsoft's August security patch: "By referring to Microsoft's original words, these IE memory leaks are extremely vulnerable to attacks, if users use IE to view A specially crafted web page, or may allow remote code to run, etc. In jargon, it is a click-to-own mechanism that everyone is familiar with: I send you a link, then ask you to visit the page, and finally I get a certain account right. & rdquo;

In fact, these large and small IE patches are designed to solve a large problem, which is to enhance ASLR (randomization of address space pattern) and RCE (return indicator) Programming) protection technology.

According to security vendor Sophos, RCE vulnerabilities allow cybercriminals to invade, and hackers can also invade real systems beyond the ASLR mechanism, so this August IE security update is of little importance. general.