http://www.informationweek.com/news/internet/security/showArticle.jhtml?articleID=212501006 By Thomas Claburn InformationWeek December 17, 2008 Microsoft (NSDQ: MSFT) has released an out-of-band security update, MS08-078, to fix a vulnerability in its Internet Explorer Web browser that's being actively exploited. "At this time, we are aware only of attacks that attempt to use this vulnerability against Windows Internet Explorer 7," said Christopher Budd, Microsoft security response communications lead, in an e-mailed statement. "Our investigation of these attacks so far has verified that they are not successful against customers who have applied the security update. MS08-078 has a maximum severity rating of Critical for all versions of Internet Explorer." Nonetheless, Microsoft lists Internet Explorer 5.01, 6, and 7 as affected software in its Security Bulletin. It also says separately, in the FAQ section, that Internet Explorer 8 Beta 2 is affected. The vulnerability can be exploited through JavaScript code posted on malicious Web sites. Internet Explorer users may be redirected to these sites through hacked legitimate sites. If the malicious code is successful, it silently downloads malware onto the victim's computer. [...] _______________________________________________ Help InfoSecNews.org with a donation! http://www.infosecnews.org/donate.htmlReceived on Thu Dec 18 2008 - 01:27:32 PST
This archive was generated by hypermail 2.2.0 : Thu Dec 18 2008 - 01:38:54 PST