Monday, March 29, 2010

Special IE Patch due tomorrow

Rafts of stories about this one. More info after I test it out, but it should not affect anyone using Firefox or Google Chrome.

US-CERT Current Activity
Microsoft Releases Advance Notification for Out-of-Band Security Bulletin
added March 29, 2010 at 07:16 pm

Microsoft has issued a Security Bulletin Advance Notification indicating that it will be releasing an out-of-band security bulletin. This bulletin will address a vulnerability in Microsoft Internet Explorer 6 and Internet Explorer 7. The notification states that release of this bulletin is scheduled for March 30, 2010. Additional information can be found in Microsoft Security Advisory 981374 and in the Vulnerability Notes Database.

US-CERT will provide additional information as it becomes available.
Microsoft to Issue Emergency IE Fix — Krebs on Security
Microsoft Corp. said today it plans to break from its regularly scheduled monthly software update cycle to issue a patch on Tuesday for a security hole in its Internet Explorer Web browser that hackers have been exploiting lately.

Microsoft normally releases security updates on “Patch Tuesday,” the second Tuesday of each month. But this Tuesday, Mar. 30, Microsoft will release a cumulative update for Internet Explorer that fixes a critical software flaw in IE 6 and IE 7. The browser flaw lets hackers break into vulnerable systems remotely, with little help from users.
Sunbelt Blog: Microsoft out-of-band patch tomorrow
Microsoft said today it will issue an out-of-band patch tomorrow for a vulnerability in Internet Explorer 6 and 7 that is being actively exploited.
Internet Explorer - Special Security Update on March 30, 2010 - Harry Waldron - IT Security
Microsoft will be releasing a special security update tomorrow for versions 6 and 7 of Internet Explorer. This early release will better protect IE users from current threats circulating in the wild. Please apply these changes as prompted tomorrow to protect your PC. Better yet, move to IE8 if you use Windows XP or Vista.

Internet Explorer - Out of Band Security Update on March 30, 2010

Internet Explorer - Out of Band Security Update Details

Key vulnerability patched described in Microsoft Security Advisory 981374
Microsoft: Emergency IE patch coming tomorrow | Zero Day |
The IE patch will also include fixes for several other vulnerabilities:
The out-of-band security bulletin is a cumulative security update for Internet Explorer and will also contain fixes for privately reported vulnerabilities rated Critical on all versions of Internet Explorer that are not related to this attack.

From the MSRC blog:

Internet Explorer 8 is unaffected by the vulnerability addressed in the advisory and we continue to encourage all customers to upgrade to this version to benefit from the improved security protection it offers.

We recommend that customers install the update as soon as it is available. Once applied, customers are protected against the known attacks related to Security Advisory 981374. We have been monitoring this issue and have determined an out-of-band release is needed to protect customers. For customers using automatic updates, this update will automatically be applied once it is released. Additionally, because Security Bulletin MS10-18 is a cumulative update, it will also address nine other vulnerabilities in Internet Explorer that were planned for release on April 13.

No comments: