Follow TechBlips on Twitter
Microsoft Gets More Detailed About IE Vulnerability and Workarounds
eWeek - RSS Feeds —
... looking to do what is appropriate and that an out-of-band patch may be the right option, but of course it is. And since they seem to know exactly where the bug is now they probably already have a prospective patch and its probably just a matter of testing time. Every version of IE currently supported touches on a whole lot of configurations, so there's a non-trivial amount of testing to do. Let's start a pool: My guess is that they try to come up with a Christmas present, so that MS08-078: Vulnerability in Internet Explorer Data Binding Components Could Allow Remote Code Execution ...
Critical Internet Explorer Patch Available
InformationWeek - All Stories And Blogs —
Topics: Analytics : Security : Web Tech Critical Internet Explorer Patch Available Posted by Mike Fratto , Dec 17, 2008 01:39 PM [image] In unusual move, Microsoft has issued a patch for all versions of Internet Explorer from v5.5 onward and for all versions of the Windows operating system. Time to roll out that out of band patch before your users get infected. Reports of users being exploited are rising. According to SANS Internet Storm Center , attackers started distributing the exploit code to web sites using sql injection. ShadowServer.org, a group of volunteers that analyse malware and track ...
Microsoft Releases Patch for Internet Explorer Zero-Day Vulnerability
eWeek - RSS Feeds —
Microsoft has issued an out-of-band patch for the zero-day flaw affecting Internet Explorer. The fix comes in resonse to reports hackers have been targeting the flaw for at least a week. Microsoft has released a patch ...
Microsoft releases patch for IE vulnerability
Hardware 2.0 —
December 17th, 2008 Microsoft releases patch for IE vulnerability Posted by Adrian Kingsley-Hughes @ 10:49 am Categories: Security , Microsoft , Software Tags: Vulnerability , Microsoft Internet Explorer , Microsoft Corp. , Web Browsers , Internet , Adrian Kingsley-Hughes Just a friendly FYI for all you Internet Explorer users out there. Microsoft has issued an out-of-cycle patch for the Internet Explorer vulnerability that came to light . That means it’s time to run Windows Update! Here’s the summary from the security bulletin ( MS08-078 ): The vulnerability could ...
Microsoft Releases Critical Internet Explorer Patch
InformationWeek - All Stories And Blogs —
Microsoft has released an out-of-band security update, MS08-078 , to fix a vulnerability in its Internet Explorer Web browser that is being actively exploited. "At this time, we are aware only of attacks that attempt to use this vulnerability against Windows Internet Explorer 7," said Christopher Budd, Microsoft security response communications lead, in an e-mailed statement. "Our investigation of these attacks so far has verified that they are not successful against customers who have applied the security update. MS08-078 has a maximum severity rating of Critical for all versions of Internet Explorer." Nonetheless, ...
Critical IE 7 fix is now available
All about Microsoft —
December 17th, 2008 Critical IE 7 fix is now available Posted by Mary Jo Foley @ 11:29 am Categories: Corporate strategy , Security , Internet Explorer Tags: Microsoft Internet Explorer 7 , Microsoft Internet Explorer , Microsoft Corp. , MS08-078 , Web Browsers , Security Administration , Patches , Security , Internet , Mary Jo Foley If you’re running Internet Explorer (IE) 7, you can go get the critical patch Microsoft released on December 17 to thwart a serious security vulnerability discovered earlier this week. Update : If you’re ...
Microsoft Releases IE Patch for Browser Exploit
jkOnTheRun —
In case you missed it yesterday, news hit of a serious browser exploit in Microsoft’s Internet Explorer with regards to remote code execution. And it wasn’t just the latest version of the browser used by the majority of computer users, but prior versions as well. The good news is that alternative ...
Where to Find the IE Patch (KB960714)
The Inquisitr » Technology —
... . It is part of Microsoft’s security bulletin MS08-078 and is under the code KB960714. The fix is an IE7 patch as well as one for IE5 and IE6. Users of IE8 Beta 2 will be offered a separate patch to address the issue. All Internet Explorer users are being advised to apply the security update immediately. ...
Microsoft Releases Out-of-Band Patch for Critical IE Security Flaw
Alice Hill's Real Tech News - Independent Tech —
malware.jpg By Michael Santo Editor-in-Chief, RealTechNews As I wrote yesterday, Microsoft on Wednesday released an emergency patch for the zero-day* vulnerability that affects all versions of Internet Explorer since 5.01. The patch is available via Windows Update, or can be downloaded for your specific IE version and OS from this page . It should be noted that there doesn’t appear to be a download on that for the Internet Explorer 8 Beta 2, but that version is vulnerable, and the fix can be picked up via Windows Update, Microsoft says. Last weekend Microsoft indicated it had seen an upsurge in exploits, but targeted only at IE7. ...
Microsoft has released a fix for the IE security hole
Technology: Technology blog | guardian.co.uk —
Following the amazing amount of publicity aroused by the recent zero-day security flaw, Microsoft has rushed out a patch. The page you need is: Microsoft Security Bulletin MS08-078 - Critical Security Update for Internet Explorer (960714) Look through the table of Affected Software to find what you have, then click the ...
Serious IE Flaw Gets Special Patch Treatment
Technologizer —
Well, that was quick. The serious flaw in Internet Explorer that we posted about Tuesday has been fixed through an out of cycle security patch. Typically, Microsoft holds its “Patch Tuesday” event on the 1st Tuesday of the month. However, this time it was too serious to wait — and the company probably realized it would be a perfect time for its competitors to pounce. It’s pretty bad when security experts are telling your customers to switch. These are unbiased (for the most part) folks, and the typical computer user is going to take their advice seriously. Patch MS08-078 has been rated “critical” by Microsoft. The company is ...
MS Fixes Critical IE Exploit
Homotron.net —
Only eight days after a critical Internet Explorer exploit that affected over 10,000 websites was made very, very public, Microsoft has released a fix. The IE7 exploit has been used to steal gaming passwords but would have inevitably drawn more nefarious criminals, and some experts went so far as to caution IE users to switch to another browser until the flaw was corrected.
While I don't think that IE users "get what they deserve," eight days is rather shamefully long to have to wait for a potentially devastating vulnerability to be fixed. This ain't Hanukkah, Microsoft, and you ain't no Maccabee.
For you IE folk who ...
Much Ado Over Microsofts (Somewhat) Rare Out-Of-Band Patch
InformationWeek - All Stories And Blogs —
Topics: Security Much Ado Over Microsofts (Somewhat) Rare Out-Of-Band Patch Posted by George Hulme , Dec 17, 2008 08:00 PM [image] My advice: patch this puppy , and dont worry about whether or not Microsoft should have published this update out of its normal monthly update cycle. Last week, right on Patch Tuesday in fact, Microsoft learned of a zero-day vulnerability, and toward the end of the week, it was being widely exploited. The first point is that more zero-days are being released on, or right after Patch Tuesday. This is no doubt a tactic designed to maximize the shelf life of the exploit. I fully expect this trend ...
IE out-of-band release; fixes MS08-078
D' Technology Weblog —
... update available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update. I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.
This update addresses one remote code execution vulnerability. For detailed information on the contents of this update, please see the following documentation:
Microsoft Security Bulletin MS08-078
Microsoft Knowledge Base Article 960714 ...
Microsoft releases emergency update for critical IE patch
TG Daily - All News —
Redmond (WA) - Yesterday, Microsoft made good on the quick patch promise they had made earlier in the day . It repairs a critical bug affecting Internet Explorer versions 5.01, 6, 7 and 8 Beta 2 which could allow remote code execution just by visiting an infected website. The patch is available via the normal Windows Update download process. Users are encouraged to obtain and install the patch immediately as there are more than 10,000 websites "in the wild" which have already used the exploit to infect user's machines. No special action is required for the bug to be used. Just visiting an infected website can corrupt the machine. ...
Microsoft releases emergency update to for critical IE patch, one day late
TG Daily - All News —
Redmond (WA) - Yesterday, Microsoft made good on the quick patch promise they had made earlier in the day . It repairs a critical bug affecting Internet Explorer versions 5.01, 6, 7 and 8 Beta 2 which could allow remote code execution just by visiting an infected website. The patch is available via the normal Windows Update download process. Users are encouraged to obtain and install the patch immediately as there are more than 10,000 websites "in the wild" which have already used the exploit to infect user's machines. No special action is required for the bug to be used. Just visiting an infected website can corrupt the machine. ...
Microsoft MS08-078 Security Patch
Gear Live —
Internet Explorer users should take special note. Microsoft has released the MS08-078 patch to fix a security problem. The company claims that the vulnerability comes through JavaScript code on malicious sites, when victims are redirected to them through hacked ones. Malware is then downloaded onto the user’s computer. IE 5.01, 6, 7 and Beta 2 seem to be affected. This means that about 1 in 500 may be at risk. If you think you may be one of them and haven’t updated your browser lately, head over to Microsoft to find out more.
Tags: ...
IE Bug Re-Ignites Disclosure Debate
eWeek Security Watch —
Like the sound of a mosquito thwacking into a bug light on a steamy mid-summer's night - about the opposite imagery of what many of us are experiencing right now as we sit buried under a blanket of winter snow - the arrival of last week's emergency IE patch ...
Second Zero Day Flaw Nails Microsoft In Two Weeks
InformationWeek - All Stories And Blogs —
Topics: Security Second Zero Day Flaw Nails Microsoft In Two Weeks Posted by George Hulme , Dec 23, 2008 09:23 PM [image] For the second time in two weeks, Microsoft is rushing to fix a zero-day vulnerability. This time the flaw is in some versions of the software used to run corporate databases. Unlike the patch that recently was released for the zero-day vulnerability that surfaced on Patch Tuesday (12/9), there have been no confirmed attacks against this latest zero-day threat, which early reports indicate vulnerable applications include: Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 ...
