David Overton's Blog and Discussion Site
This site is my way to share my views and general business and IT information with you about Microsoft, IT solutions for ISVs, technologists and businesses, large and small.  
Internet Explorer security vulnerability fix now available – think of it as an early Christmas present… now about Firefox’s 3 issues this week…

I think everyone knows that an urgent security issue has arisen in IE this week and Microsoft has taken the (wise) decision to publish a fix outside the normal 2nd Tuesday release cycle.  Some have said switch browser because of this issue, but not only can that be complex, but most browsers suffer security issues so once again the only real protection is to wrap in cotton wool and hide.  Or, use the built in features of Vista and IE7/8 which means protected mode and NOT running as admin.  You might ask why a Christmas present?  Well, if this continued un-patched then your information is seriously at risk and that would make for a very bad Christmas if your credit card information was stolen!!

Either way, if you have IE on your systems then you will need to update your systems urgently.  Of course, my Hyper-V server (or Windows Core for that matter) don’t have IE, so no updates for them!!!

Just for completeness, here is the information from the Technet newsletter

Internet Explorer Security Update
I wanted to update you on the Advance Notification of security update MS08-078 which will address a new vulnerability allowing remote code execution in all affected versions of Internet Explorer products. We plan to release this update on December 17th, around 10 a.m. Pacific Time (6pm UK time) through Automatic Updates and Microsoft Update. We encourage you to test and deploy this update as soon as possible. Our investigations of the known attacks have verified that they are not successful against customers who have applied the security update.
You may be interested to know, that in response to the threat we mobilized security engineering teams worldwide right away to develop, test and deliver a security update of appropriate quality for worldwide distribution in the unprecedented time of eight days. We also published the Microsoft Security Advisory 961051. Microsoft's teams worked constantly to identify more options for customers and updated this advisory 5 times in six days.
We remain committed to building secure products and we also encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.

Phil Cross

 

Phil Cross
Technical Audience Group Manager

ttfn

David


Posted Thu, Dec 18 2008 9:25 AM by David Overton

Add a Comment

(optional)  
(optional)
(required)  
Remember Me?

(c)David Overton 2006-18