Critical Internet Explorer Security Vulnerability Fixed By Microsoft
Microsoft released an emergency patch today to address a critical bug in Internet Explorer (IE) that attackers have been exploiting for more than a week. The MS08-078 critical security update for Internet Explorer (960714) is available for download. This patch does not replace the IE security patch that came out earlier this month (MS08-073); both patches have to be installed.
As previously noted, this is a critical update for versions IE 5.0.1, IE 6, IE 6 SP1, IE 7 and IE 8 Beta 2. The vulnerability is being exploited in the wild, usually with the help of compromised websites that suffered SQL injection. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update fixes the problem by modifying the way Internet Explorer validates data binding parameters and handles the error that results in the exploitable condition.
“In response to the threat to customers and mindful of the challenges customers face deploying updates during this time of year, Microsoft immediately mobilized security engineering teams worldwide to develop, test and deliver a security update of appropriate quality for worldwide distribution in the unprecedented time of eight days,” the company said Tuesday.
Users should review Microsoft Security Bulletin MS08-078 and apply the update as soon as possible. Users may also want to consider using an alternative browser (Firefox) with an add-on (NoScript) that efficiently protects against attacks from malicious websites.