By Thomas Claburn
December 17, 2008
Microsoft (NSDQ: MSFT) has released an out-of-band security update,
MS08-078, to fix a vulnerability in its Internet Explorer Web browser
that's being actively exploited.
"At this time, we are aware only of attacks that attempt to use this
vulnerability against Windows Internet Explorer 7," said Christopher
Budd, Microsoft security response communications lead, in an e-mailed
statement. "Our investigation of these attacks so far has verified that
they are not successful against customers who have applied the security
update. MS08-078 has a maximum severity rating of Critical for all
versions of Internet Explorer."
Nonetheless, Microsoft lists Internet Explorer 5.01, 6, and 7 as
affected software in its Security Bulletin. It also says separately, in
the FAQ section, that Internet Explorer 8 Beta 2 is affected.
malicious Web sites. Internet Explorer users may be redirected to these
sites through hacked legitimate sites. If the malicious code is
successful, it silently downloads malware onto the victim's computer.
Help InfoSecNews.org with a donation!