Well, that was quick. Microsoft said yesterday it would release an out-of-band security update to fix the vulnerability found in Internet Explorer which was used during the Google attacks. Today it announced the fix will be released tomorrow.
The update will address the vulnerability in Internet Explorer 6, 7, and 8 on Windows 2000, XP, Vista, and 7 – so everything will be patched. Even though the actual exploit currently out there (the one used in the Google attack) only affects Windows XP running Internet Explorer 6, Microsoft still rates this vulnerability as “Critical”, meaning the company takes it quite seriously.
“This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical,” a Microsoft spokesperson told Ars Technica today. “It addresses the vulnerability related to recent attacks against Google and a small subset of corporations, as well as several other vulnerabilities. Once applied, customers are protected against the known attacks that have been widely publicized.”
A pretty quick response from Microsoft, since it only found out about the flaw six days ago. I guess this means we can put this one to rest.
… but I find it almost funny that Google, of all companies, got hacked for using INTERNET EXPLORER 6.
I mean, surely they’d be using the great browser that is Chrome, or at least Firefox.
The Onion should write an article along the lines of Microsoft increases market share through supplying and use of their insecure software by competitors.
Now we see more holes in Windows.
Microsoft really need to start from scratch and remove all that legacy shit. Start clean, write a cleaner Windows with a VM layer for Win32 applications.
Edited 2010-01-20 23:16 UTC
Kind of like Midori?
http://en.wikipedia.org/wiki/Midori_(operating_system)
FTA:
Thom, are you aware that some security experts have come up with exploit code against this vulnerability that they claim works on IE7 and IE8 running on Vista or Windows 7?
It is just that these more advanced exploits weren’t seen in the wild or used by attackers.
Microsoft are entirely correct to take this seriously.