Microsoft Critical Internet Explorer Browser Patch Now Available - Dec 17, 2008

[mouser]

This is a serious security patch that needs to be applied by anyone running any version of MS windows.

The out-of-band security update fixes a JavaScript-related vulnerability that's being actively exploited through hacked Web sites.

By Thomas Claburn
InformationWeek
December 17, 2008 02:00 PM

Microsoft has released an out-of-band security update, MS08-078, to fix a vulnerability in its Internet Explorer Web browser that's being actively exploited.

"At this time, we are aware only of attacks that attempt to use this vulnerability against Windows Internet Explorer 7," said Christopher Budd, Microsoft security response communications lead, in an e-mailed statement. "Our investigation of these attacks so far has verified that they are not successful against customers who have applied the security update. MS08-078 has a maximum severity rating of Critical for all versions of Internet Explorer."

Nonetheless, Microsoft lists Internet Explorer 5.01, 6, and 7 as affected software in its Security Bulletin. It also says separately, in the FAQ section, that Internet Explorer 8 Beta 2 is affected.

article: http://www.informati...?articleID=212501006
download patch from windows update -- or see http://www.microsoft...lletin/ms08-078.mspx

[Darwin]

Thanks, mouser! I've been watching for this and have just installed it 

[ewemoa]

Thanks for mentioning this.  Appreciate the heads up