Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  
  Advanced Search 


Return to article

Microsoft to Issue Emergency IE Fix Today
A Web Exclusive from WinInfo
December 17, 2008
Paul Thurrott
WinInfo
InstantDoc #101080
WinInfo
 

Microsoft on Tuesday issued an emergency warning about a newly discovered "zero day" attack against various versions of Internet Explorer (IE). The flaw that allows this attack could let hackers remotely gain access to users' PCs and is rated as "critical," the company's most severe security rating. Microsoft will issue a fix today.

"Microsoft issued its Advance Notification of security update MS08-078 which will address a new vulnerability allowing remote code execution in all affected versions of Internet Explorer products," a Microsoft statement reads. "Microsoft intends to release this security update [Wednesday], December 17 at 10 AM PT through Automatic Updates and Microsoft Update."

The flaw affects IE 5, 6, and 7, but Microsoft says it is only aware of attempts to compromise systems running IE 7. Microsoft's next browser, IE 8, is currently in beta but the company recommends that Beta 2 users apply the coming patch as well.

This attack is particularly scary because users can be compromised simply by visiting Web sites; it doesn't require them to click on or download anything. It's possible that even known and trusted sites could have attack code "injected" into them, and apparently a number of mostly Chinese Web sites have, in fact, been hacked to that purpose.

IE users, especially IE 7 users, are advised to download today's patch as soon as its becomes available. More information about this flaw can be found on the Microsoft Web site, though the company won't release full details until the fix is out.

http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx



Reader Comments

Errrr. About "apparently a number of mostly Chinese Web sites have" isn't surprising. I think I've only once gone to a Chinese site [it had English in it]. Any olther legitimate site that may have got hit probably didn't get it just yesterday. So you may already be vulnerable. My rule is, go to sites you can trust [so what am I doing here? :-) ] and hold off on Googling/searching the web until after the patch. Some suggested to switch to Firefox [or others]. For a day? I wouldn't say Firefox is so secure. 15+ updates for v2 since it was released. v3 has at least 4 updates.

ebraiter -December 17, 2008

I tried to install the patch on Vista Premium SP1 with IE 8 Beta 2 and was politely told the patch did not apply to my system.....womp womp womp. Thank you for the 'heads up' Paul.

rshayes@vbgov.com -December 17, 2008

Thanks Paul, my Vista machines are now patched. Well, now that the patch is out, IE users can resume browsing the web. And for the warning to switch to other broswers? Firefox had plenty of high level patches being issued while IE7 only had one. So much for Firefox being better. At least it was faster than the zero day in Safari. How long did it take Apple to finally patch it? A month, six weeks? Apple could learn something from how fast Microsoft patched it.

subzerohitman721 -December 18, 2008

ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Calculate your savings now
See how SAN is 57% cheaper than DAS over three years

Free CDs Offer Fundamental Content for IT Pros
Are you up to speed on the latest technologies and solutions? Don't miss out on your chance to get up to speed quickly on fundamental, in-depth information on some of the hottest topics in our library of content.

Let Your Users Reset Their Own Passwords: Free Download
Try a 30 day free trial of Desktop Authority Password Self-Service – it provides an easy-to-use, robust system for allowing users to reset their own forgotten passwords or locked accounts.


Exchange Server 2010: Deploying Unified Communications - Virtual conference
December 1, 2009 - Free Registration. Build your Unified Communications future on a strong Exchange Server 2010 foundation.

Get Windows IT Pro & Mark Minasi’s Favorite Power Tools Guide
Order Windows IT Pro now and get "More of Mark Minasi's Favorite Power Tools"--a in-depth guide to the most useful Windows commands --FREE with your paid order! Subscribe today, and save 58% off the cover price!

Migration, Virtualization, Availability, and Desktop Management
Realize the importance of a workload optimization strategy...it can affect your bottom line!

Deep Dive into VMware vSphere, eLearning Series
Join John Savill to explore the major functionality capabilities of the vSphere virtualization platform, including identification of the changes from ESX 3.5.
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro DevProConnections IT Job Hound
Left-Brain.com Technology Resource Directory asp.netPRO ITTV Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 © 2009 Penton Media, Inc. Terms of Use | Privacy Statement