Categories
Browsers News

Internet Explorer Alert – Critical Product Vulnerability

This just dumped into my inbox. Since so many people use Internet Explorer 6 or 7 and it talks about a very bad security issue I thought it important enough to warrant a repost (for the full details visit http://www.microsoft.com/technet/security/bulletin/MS08-078.mspx.

Basically the bulletin says that if you have automatic updates turned on, your computer will be updated shortly. This may mean your computer will reboot itself. By the way, if you don’t have auto updates turned on, do so right now. It’s not safe otherwise (that goes for Mac users too btw).

Executive Summary

This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerability by modifying the way Internet Explorer validates data binding parameters and handles the error resulting in the exploitable condition.
This security update also addresses the vulnerability first described in Microsoft Security Advisory 961051.

Recommendations

Microsoft recommends customers prepare their systems and networks to apply this security update immediately, to help ensure that their computers are protected from attempted criminal attacks. Please visit http://www.microsoft.com/protect to apply the security update.

PUBLIC BULLETIN WEBCAST

Microsoft will host two Webcasts to address customer questions on this Out-of-Band bulletin:

Title: Information About Microsoft December Out-of-Band Security Bulletin
Date: Wednesday, December 17, 2008 1:00 P.M. Pacific Time (U.S. & Canada)
URL: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032399448&Culture=en-US

Title: Information About Microsoft December Out-of-Band Security Bulletin #2
Date: Thursday, December 18, 2008 11:00 A.M. Pacific Time (U.S. & Canada)
URL: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032399449&Culture=en-US

To remain informed about security threats and solutions, please subscribe to the Microsoft Security News Letter

By Morten Rand-Hendriksen

Morten Rand-Hendriksen is a Senior Staff Instructor at LinkedIn Learning (formerly lynda.com specializing in AI, bleeding edge web technologies, and the intersection between technology and humanity. He also occasionally teaches at Emily Carr University of Art and Design. He is a popular conference and workshop speaker on all things tech ethics, AI, web technologies, and open source.