Internet Explorer 960714 is released

Published: 2008-12-17. Last Updated: 2008-12-17 22:56:36 UTC
by donald smith (Version: 1)
2 comment(s)

The Microsoft Security Bulletin MS08-078 - Critical
Security Update for Internet Explorer (960714) is available now. We covered this issue in several recent diaries.

http://isc.sans.org/diary.html?storyid=5497

http://isc.sans.org/diary.html?storyid=5479

http://isc.sans.org/diary.html?storyid=5458

http://isc.sans.org/diary.html?storyid=5464

http://isc.sans.org/diary.html?storyid=5503
Here is the link to the advisory.
http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx
As previously noted this is a critical update for IE 5.0.1, IE 6,
IE 6 SP1, IE 7 and IE 8 Beta 2. It is being exploited in the wild. It is being distributed via SQL injection.

So get your patches asap.

UPDATE

Just in case it wasn't obvious to everyone. ChrisM wrote in and reminded us that:
"The emergency IE patch that came out today (MS08-078), DOES NOT replace the IE security patch that came out earlier this month (MS08-073). Both of these patches have to be installed to make IE "secure"."

2 comment(s)

Comments

\"It is being distributed via SQL injection.\"? Hopefully you mean, it is being exploited by SQL injection and distributed via Windows Update?
Both of these patches have to be installed to make IE 'secure'"... Nothing will make IE 'secure' - these patches simply address the latest known vulnerabilities. No amount of patching will ever make a system and/or network 'secure'

Diary Archives