Microsoft Issues Emergency Patch for Critical Internet Explorer Vulnerability
Things haven’t been going all that well for Microsoft and their Internet Explorer browser recently, not with people exploiting a security flaw in the application in order to steal users’ confidential data. Until now, the only viable workaround (as advised by security experts) was to give up on IE and switch to other, similar applications – now you can return to IE because Microsoft has issued a patch, an out-of-date one. Microsoft usually releases updates and patches only on the second Tuesday of this month, and on this December Patch Tuesday Microsoft plugged a total 6 security problems deemed as critical (but apparently missed this IE one).
Director with Microsoft Security Response Center (MSRC), Mike Reavey comments: “We released security update MS08-078, protecting customers from active attacks against Internet Explorer. This update will be applied automatically to hundreds of millions of customers through automatic updates over the next few days. As with all security updates from Microsoft, we have verified that this update meets the quality, deployment and application compatibility criteria. It is a high-quality update, ready for broad release, and we encourage customers to test and deploy this update as quickly as possible.”
Just a little reminder on this security vulnerability: it affects all versions of Internet Explorer, details on the security hole are publicly available, and it is actively exploited (a large number of sites have been infected in order to take advantage of this vulnerability; all you have to do is visit them with IE and you too will be infected). It goes without saying that you need to apply this patch if you want to stay safe and protected.
The way I see it, this MS08-078 security flaw is somewhat of a blessing in disguise, and what I mean by that is that it allows you to check out the competition. When it comes to browsers, there offer is more than generous: you could get the recently updated Firefox 3.0.5, the speedy Google Chrome 1.0 which recently shed its Beta status, or the safer Opera 9.63. Or, you could go for Lunascape 5.0 Genesis, which blends IE, Firefox and Chrome together.
Director with Microsoft Security Response Center (MSRC), Mike Reavey comments: “We released security update MS08-078, protecting customers from active attacks against Internet Explorer. This update will be applied automatically to hundreds of millions of customers through automatic updates over the next few days. As with all security updates from Microsoft, we have verified that this update meets the quality, deployment and application compatibility criteria. It is a high-quality update, ready for broad release, and we encourage customers to test and deploy this update as quickly as possible.”
Just a little reminder on this security vulnerability: it affects all versions of Internet Explorer, details on the security hole are publicly available, and it is actively exploited (a large number of sites have been infected in order to take advantage of this vulnerability; all you have to do is visit them with IE and you too will be infected). It goes without saying that you need to apply this patch if you want to stay safe and protected.
The way I see it, this MS08-078 security flaw is somewhat of a blessing in disguise, and what I mean by that is that it allows you to check out the competition. When it comes to browsers, there offer is more than generous: you could get the recently updated Firefox 3.0.5, the speedy Google Chrome 1.0 which recently shed its Beta status, or the safer Opera 9.63. Or, you could go for Lunascape 5.0 Genesis, which blends IE, Firefox and Chrome together.
