[ISN] Microsoft Releases Critical Internet Explorer Patch

From: InfoSec News <alerts_at_private>
Date: Thu, 18 Dec 2008 03:27:32 -0600 (CST)

By Thomas Claburn
December 17, 2008 

Microsoft (NSDQ: MSFT) has released an out-of-band security update, 
MS08-078, to fix a vulnerability in its Internet Explorer Web browser 
that's being actively exploited.

"At this time, we are aware only of attacks that attempt to use this 
vulnerability against Windows Internet Explorer 7," said Christopher 
Budd, Microsoft security response communications lead, in an e-mailed 
statement. "Our investigation of these attacks so far has verified that 
they are not successful against customers who have applied the security 
update. MS08-078 has a maximum severity rating of Critical for all 
versions of Internet Explorer."

Nonetheless, Microsoft lists Internet Explorer 5.01, 6, and 7 as 
affected software in its Security Bulletin. It also says separately, in 
the FAQ section, that Internet Explorer 8 Beta 2 is affected.

The vulnerability can be exploited through JavaScript code posted on 
malicious Web sites. Internet Explorer users may be redirected to these 
sites through hacked legitimate sites. If the malicious code is 
successful, it silently downloads malware onto the victim's computer.


Help InfoSecNews.org with a donation!
Received on Thu Dec 18 2008 - 01:27:32 PST

This archive was generated by hypermail 2.2.0 : Thu Dec 18 2008 - 01:38:54 PST