Daily cyber threats and internet security news: network security, online safety and latest security alerts
December 17th, 2008

Critical Internet Explorer Security Vulnerability Fixed By Microsoft

Microsoft released an emergency patch today to address a critical bug in Internet Explorer (IE) that attackers have been exploiting for more than a week. The MS08-078 critical security update for Internet Explorer (960714) is available for download. This patch does not replace the IE security patch that came out earlier this month (MS08-073), both of these patches have to be installed.

As previously noted, this is a critical update for versions IE 5.0.1, IE 6, IE 6 SP1, IE 7 and IE 8 Beta 2. The vulnerability is being exploited in the wild, usually with the help of compromised websites that suffered SQL injection. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.

Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update fixes the problem by modifying the way Internet Explorer validates data binding parameters and handles the error that results in the exploitable condition.

“In response to the threat to customers and mindful of the challenges customers face deploying updates during this time of year, Microsoft immediately mobilized security engineering teams worldwide to develop, test and deliver a security update of appropriate quality for worldwide distribution in the unprecedented time of eight days,” the company said Tuesday.

Users should review Microsoft Security Bulletin MS08-078 and apply the update as soon as possible. Users may also want to consider using alternative browser (Firefox) with an add-on that efficiently protects from malicious websites attacks (NoScript).

Share this item with others:

More on CyberInsecure:
  • Cross-Domain Vulnerability In Microsoft Internet Explorer 6
  • Critical 0-day Vulnerability In Internet Explorer 6 And 7, Exploit Already Published
  • Record Number Of Vulnerabilities Fixed In Microsoft’s Patch Tuesday
  • Critical Windows, Office Flaws Fixed In November’s MS Patch Tuesday
  • Microsoft Releases February Security Bulletin For 8 Security Vulnerabilities

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Critical Internet Explorer Security Vulnerability Fixed By Microsoft

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.