Thursday, January 21, 2010

Microsoft releases emergency patch for IE

Microsoft today released a so-called "out of band" patch for Internet Explorer (all supported versions).  I will be testing this on my systems, but home users should go ahead and run Windows Update and make sure this is installed.  NOTE: just because you have Automatic Updates enabled doesn't mean they're working.  Last night I applied almost 100 Windows Updates to a system which had Windows Updates on full-automatic-mode, but some part of the WU system had gotten corrupted and it wasn't working.  I opened an email case with Microsoft

The Microsoft Security Response Center (MSRC) : Bulletin MS10-002 Released
Today we released Security Bulletin MS10-002 out-of-band to address vulnerabilities in Internet Explorer. All customers using currently supported versions of Windows and Internet Explorer should apply this update as soon as possible. Once applied, customers are protected against the known attacks that have been widely publicized. For customers using automatic updates, this update will automatically be applied once it is released.

Other stories about this with non-Microsoft commentary are here:

In a totally unrelated development, version 3.6 of Firefox was released today.  It is not a security patch, so there is no need to rush it into production use.  I will be testing it and will report back here next week.

Mozilla drops Firefox 3.6 with security goodies | Zero Day |
Mozilla has released the latest iteration of its flagship Firefox browser with a few significant security goodies to keep malicious hacker at bay.

The update, which is being shipped via the browser’s automatic update mechanism, includes new features to patch third-party Firefox plug-ins and lock out rogue add-ons.

There are no security vulnerabilities being fixed with this Firefox 3.6 update.

No comments: