SANS ISC: IE Fixes Available SANS ISC InfoSec Forums

IE Fixes Available

Hoping to put a close on Monday's IE Zero-day vulnerability (https://isc.sans.edu/diary.html?storyid=14107), Microsoft has announced the release of a FixIt (http://support.microsoft.com/kb/2757760) to address the issue, with a patch to be made available via Windows Update this Friday (http://blogs.technet.com/b/msrc/archive/2012/09/19/internet-explorer-fix-it-available-now-security-update-scheduled-for-friday.aspx).

Can we look forward to more timely security patch releases from Microsoft?  That would be good news indeed.

Kevin Liston

292 Posts
ISC Handler
More timely security patch releases? Surely you're kidding. The 0 Day appeared on September 17th and Microsoft will have an update to address it pushed out by the 21st.
Please name one other software manufacturer that responded as quickly as MS has done in this case.
Anonymous
@MowGreen you seem to have injected a snarky tone into your reading of the diary. This is the 2nd out-of-band security patch to come from Microsoft in recent memory. I see this as a good thing-- making us wait until October would not, I'm glad that they didn't.
Kevin Liston

292 Posts
ISC Handler
Where is a link to download the KB article?
I'd like to have it in my own files to use on other machines too.


Kevin Liston
20 Posts
@KL On the contrary, the diary appears to be criticizing Microsoft for not releasing an update for this issue in a timely manner, not me. I, too, am glad that they reacted more quickly than any other software vendor does.
Kevin Liston
10 Posts
@MrClarke The KB article will not be online until the update is pushed out. Updates usually come out @ 10 AM, Pacific Time.
Kevin Liston
10 Posts
Updates are available in Microsoft Download Center since around 17:00 CEST (UTC +0:00). It's KB2744842 (MS12-063).
Anonymous
I got it, MowGreen, Thanks.
BTW,
Did you use to hang out at Paul Laudanski's site?
CCSP?


Anonymous
@MowGreen as the author I have a unique insight into the intent of the phrase "Can we look forward to more timely security patch releases from Microsoft?" :-)
Kevin Liston

292 Posts
ISC Handler
"more timely" is the phrase causing issues.

Does the more refer to the number of out of band patches or does more refer to the timeliness of this out of band patch?

Given the context of the state of the argument regarding out of band patches on security sites generally, I interpreted this as a hope for more out of band patches in the future, not that this out of band patch took too long to be released.
Kevin Liston
3 Posts
So "more timely-patches" (like this one) vs. "more-timely patches." I intended the former.
Kevin Liston

292 Posts
ISC Handler
@MrClarke Yes, I did hang out at Paul's site, CCSP.

@KL Sorry about my distracting post. I mistook your "more timely" comment as being sarcastic.

The most important part of this post's thread is that MS addressed this issue within 4 days, unlike some 'other' software vendors who sit around for months while the great unwashed are left dangling in the cyber winds.
Kevin Liston
10 Posts
It comes out now that Microsoft may have been able to react so "fast" because they perhaps learned about the flaw 2 months ago and sat on it. Kudos for their "speedy" response may have been too quick.

http://www.techweekeurope.co.uk/news/internet-explorer-ie-security-flaw-microsoft-zdi-93765
Hal

50 Posts
