Internet Explorer Alert – Critical Product Vulnerability

This just dumped into my inbox. Since so many people use Internet Explorer 6 or 7 and it talks about a very bad security issue I thought it important enough to warrant a repost (for the full details visit http://www.microsoft.com/technet/security/bulletin/MS08-078.mspx.

Basically the bulletin says that if you have automatic updates turned on, your computer will be updated shortly. This may mean your computer will reboot itself. By the way, if you don’t have auto updates turned on, do so right now. It’s not safe otherwise (that goes for Mac users too btw).

Executive Summary

This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerability by modifying the way Internet Explorer validates data binding parameters and handles the error resulting in the exploitable condition.
This security update also addresses the vulnerability first described in Microsoft Security Advisory 961051.

Recommendations

Microsoft recommends customers prepare their systems and networks to apply this security update immediately, to help ensure that their computers are protected from attempted criminal attacks. Please visit http://www.microsoft.com/protect to apply the security update.

PUBLIC BULLETIN WEBCAST

Microsoft will host two Webcasts to address customer questions on this Out-of-Band bulletin:

Title: Information About Microsoft December Out-of-Band Security Bulletin
Date: Wednesday, December 17, 2008 1:00 P.M. Pacific Time (U.S. & Canada)
URL: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032399448&Culture=en-US

Title: Information About Microsoft December Out-of-Band Security Bulletin #2
Date: Thursday, December 18, 2008 11:00 A.M. Pacific Time (U.S. & Canada)
URL: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032399449&Culture=en-US

To remain informed about security threats and solutions, please subscribe to the Microsoft Security News Letter