AOH :: IS1484.HTM

Microsoft Releases Critical Internet Explorer Patch




Microsoft Releases Critical Internet Explorer Patch
Microsoft Releases Critical Internet Explorer Patch



http://www.informationweek.com/news/internet/security/showArticle.jhtml?articleID=212501006 

By Thomas Claburn
InformationWeek
December 17, 2008 

Microsoft (NSDQ: MSFT) has released an out-of-band security update, 
MS08-078, to fix a vulnerability in its Internet Explorer Web browser 
that's being actively exploited.

"At this time, we are aware only of attacks that attempt to use this 
vulnerability against Windows Internet Explorer 7," said Christopher 
Budd, Microsoft security response communications lead, in an e-mailed 
statement. "Our investigation of these attacks so far has verified that 
they are not successful against customers who have applied the security 
update. MS08-078 has a maximum severity rating of Critical for all 
versions of Internet Explorer."

Nonetheless, Microsoft lists Internet Explorer 5.01, 6, and 7 as 
affected software in its Security Bulletin. It also says separately, in 
the FAQ section, that Internet Explorer 8 Beta 2 is affected.

The vulnerability can be exploited through JavaScript code posted on 
malicious Web sites. Internet Explorer users may be redirected to these 
sites through hacked legitimate sites. If the malicious code is 
successful, it silently downloads malware onto the victim's computer.

[...]


_______________________________________________      
Help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html 

Site design & layout copyright © 1986-2014 CodeGods