Internet Explorer Users Told To Update Now

Peaches

By Peaches,
in Security Alerts

 Share Followers 0

Recommended Posts

Peaches

Peaches

Posted
Posted

Internet Explorer users told to update now

Microsoft releases emergency security patches

Erik Larkin

Microsoft has taken the unusual step of releasing out-of-band patches for severe security flaws in all versions of Internet Explorer, along with related holes in the Microsoft Active Template Library included with Visual Studio.

Microsoft generally only releases patches outside of its normal monthly cycle for the most dangerous security flaws. The IE risks involve "components and controls that have been developed using vulnerable versions of the Microsoft Active Template Library", according to Microsoft, and could allow an attacker to run commands or download malware on a vulnerable PC if you simply view a malicious web page. Such drive-by-download attacks are a favourite among Internet attackers.

According to Microsoft, this MS09-034 patch "is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on supported editions of Microsoft Windows 2000; Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 running on supported editions of Windows XP; Critical for Internet Explorer 7 and Internet Explorer 8 running on supported editions of Windows Vista; Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 running on supported editions of Windows Server 2003; and Moderate for Internet Explorer 7 and Internet Explorer 8 running on supported editions of Windows Server 2008."

Translation: if you use any version of IE on Windows 2000, XP or Vista, get the fix asap by running Windows Update.

The companion patch fixes holes in the Microsoft Active Template Library, part of Visual Basic, which can be used to create the vulnerable ActiveX controls that trigger the IE flaws fixed in the MS09-034 patch. According to Symantec, the ATL patch won't fix vulnerable controls that have already been created, but will avoid creating new vulnerable controls. For more information see the MS09-035 bulletin.

read at PCAdvisor - http://www.pcadvisor.co.uk/news/index.cfm?newsid=119974

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Followers 0
Go to topic listing