Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Internet Explorer 960714 is released - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Internet Explorer 960714 is released

The Microsoft Security Bulletin MS08-078 - Critical
Security Update for Internet Explorer (960714) is available now. We covered this issue in several recent diaries.

http://isc.sans.org/diary.html?storyid=5497

http://isc.sans.org/diary.html?storyid=5479

http://isc.sans.org/diary.html?storyid=5458

http://isc.sans.org/diary.html?storyid=5464

http://isc.sans.org/diary.html?storyid=5503
Here is the link to the advisory.
http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx
As previously noted this is a critical update for IE 5.0.1, IE 6,
IE 6 SP1, IE 7 and IE 8 Beta 2. It is being exploited in the wild. It is being distributed via SQL injection.

So get your patches asap.

UPDATE

Just in case it wasn't obvious to everyone. ChrisM wrote in and reminded us that:
"The emergency IE patch that came out today (MS08-078), DOES NOT replace the IE security patch that came out earlier this month (MS08-073). Both of these patches have to be installed to make IE "secure"."

donald

206 Posts
ISC Handler
\"It is being distributed via SQL injection.\"? Hopefully you mean, it is being exploited by SQL injection and distributed via Windows Update?
Anonymous
Both of these patches have to be installed to make IE 'secure'"... Nothing will make IE 'secure' - these patches simply address the latest known vulnerabilities. No amount of patching will ever make a system and/or network 'secure'
Lee

21 Posts

Sign Up for Free or Log In to start participating in the conversation!