On Wednesday, 17 December 2008 Microsoft has released an emergency patch to fix a security hole in its Internet Explorer software, The hole in Internet Explorer’s security may allow hackers to hijack Internet Explorer browsers and take over computers. MS08-078, This security update resolves a publicly disclosed vulnerability by modifying the way Internet Explorer validates data binding parameters and handles the error resulting in the exploitable condition. This security update is rated Critical for Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, and Internet Explorer 7.
Microsoft said-
It plans to ship a security update, rated "critical," for the browser on Wednesday. People with the Windows Update feature activated on their computers will get the patch automatically. it has seen attacks targeting the flaw only in Internet Explorer 7, the most widely used version, but has cautioned that all other current editions of the browser are vulnerable.
| NEW SECURITY BULLETIN TECHNICAL DETAILS | |||||||||||||||||
|
Identifier
|
MS08-078
|
||||||||||||||||
|
Severity Rating
|
This security update is rated Critical for Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 SP1, and Internet Explorer 7.
|
||||||||||||||||
|
Impact of Vulnerability
|
Remote Code Execution
|
||||||||||||||||
|
Detection
|
Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.
|
||||||||||||||||
|
Affected Software
|
Internet Explorer 5.01 (Windows 2000), Internet Explorer 6 (Windows 2000), Internet Explorer 6 SP1 (Windows XP and Windows Server 2003), and Internet Explorer 7 (Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008). For information about Internet Explorer 8 (Beta) please see the FAQ section of the bulletin.
|
||||||||||||||||
|
Restart Requirement
|
The update will require a restart only if the required files are being used. If this occurs, a message appears that advises you to restart.
|
||||||||||||||||
|
Removal Information
|
. For Windows 2000, Windows XP, Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility
. For Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates. |
||||||||||||||||
|
Bulletins Replaced by This Update
|
None.
|
||||||||||||||||
|
Full Details:
|
|||||||||||||||||
Date: Wednesday, December 17, 2008 1:00 P.M. Pacific Time (U.S. & Canada)
URL:Information About Microsoft December Out-of-Band Security Bulletin
Title: Information About Microsoft December Out-of-Band Security Bulletin #2
Date: Thursday, December 18, 2008 11:00 A.M. Pacific Time (U.S. & Canada)
URL:Information About Microsoft December Out-of-Band Security Bulletin #2
Microsoft encourages all IE customers to test and deploy this update as soon as possible.
Trend Micro has identified about 10,000 websites that have been infected with malicious software that can be sneakily slipped into visitors’ due to unprotected IE browsers. Around 70% users use Internet Explorer nearly three-quarters of the world’s computers. So Due to this security holes Hackers easily can take over the control of infected computers, steal data and use for oblique activities like attacks on other networks.
I really scared with vulnerability in IE and I confirmed that I should not open IE ever once in future I decided to use Firefox for all.People who want to continue to use IE which is inviting problems to yourself is to update their IE with the patch provided by them.