Microsoft releases patch for critical IE security flaw

Microsoft released a critical security patch on Wednesday to plug vulnerabilities in Internet Explorer, a move that comes amid malicious attackers taking advantage of the security flaws.

The patch is designed to prevent attackers from downloading malware onto users' computers if they visit a malicious Web site, or a legitimate Web site that has been infected.

This zero-day exploit has been in circulation since the first week of December and potentially could have infected a wide swath of users.

The vulnerabilities are found in not only IE 7, Microsoft's latest browser, but also Internet Explorer 5.01, Internet Explorer 6, and Internet Explorer 6 Service Pack 1.

[loose_screw]

I don't care, and I bet neither do a growing number of users. I'm using Chrome and lovin' every minute of it!

[timber2005]

Even if you don't use it, that doesn't mean you need to leave your computer unsecured. People will take over your computer, and use it to spread their malware faster. It might be used as a direct attack today, and a vector attack later that could be attacked from email, a trojan, whatever later.

[ALAIN97133]

I don't care, and I bet neither do a growing number of users. I'm using FireFox and lovin' every minute of it!

[bluemountain]

Do you have the link for it? So far I didn't receive any update from Microsoft. Even though I don't use IE I presume they will make us download this update.

[Penguinisto]

update.microsoft.com?

[timber2005]

http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx
Downloads for all affected versions and OSes

[DeclinedDoomed]

It doesn't really matter to me since I don't use IE, but it would be really nice if Microsoft would actually send the patch out, so I could update.

[amadensor]

It does not matter whether or not you use IE. If you use Windows, many things use the IE engine to render.

[Wak_Em]

Patch!?....we don't need no stinking patch!!

[jinx101a]

@bluemountain: I'm skeptical of using the browser of an advertising company, especially when it "phones home" often.

IE and FireFox both have critical flaws this week: http://www.betanews.com/article/Firefox_patches_address_three_critical_vulnerabilities/1229540181

No one's safe these days. :)

[ittesi259]

While thats true the Firefox one was no a zero day exploit in the wild for more than a week and nobody s complaining about not receiving the patch.....Firefox 3.0.5 showed up last night through the auto update for me.

[Dalkorian]

IE has it's grubby little hands throughout the OS, FireFox doesn't. You either get that or you don't, but either way it's a good idea to get this update whether or not you've ever fired up IE. It wasn't that long ago when there was an exploit for IE that didn't even require you to be running IE!

[timber2005]

For anyone else looking for the standalone downloads, here ya go.
http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx

[n3td3v]

When going to the windowsupdate page it says no important updates, I guess it takes a while to circulate :)

[kojacked]

The patch just came through Windows Update on one of my PCs... Microsoft nailed this one fast!

[ferretboy88]

That was quick.

[drummer51689]

I bet the first comment on here once again is from applerocks... he just hid his name so no one would know. Please leave your comments to yourself and don't post here. :)

drummer

[Brian]

Hey, thanks Micro$oft for making Apple look good. :)

[sandkicker]

For those that wonder why they dont get notified, its simple. Turn on auto updates, but ensure that you only select "notify but do not download" updates.

For those Apple people, kinda funny as Apple/Mac has has put out some security updates as well, Chrome and Firefox.

IE is primarily a target because of market share, there isnt a internet connection that is 100% safe if some precautions arent taken. Sorry to burst bubbles.

[Dalkorian]

Sigh - I get so sick and tired of hearing M$ apologists claim their software is only insecure crapware because it's popular. Popularity and security have NOTHING to do with each other.

Case in point, there were viruses for Mac OS 9. Try to tell us OS 9 was more popular than OS X, which has had ZERO viruses over the 8 years it's been out.

Sorry Sandkicker, did I get some of that sand in your eye or are you just crying?

[Dalkorian]

I'm glad M$ kicked this patch out so quickly (assuming it works as expected and doesn't cause problems, of course). This sounded like a nasty one.

[sandkicker]

Sorry, no sand in my eyes Dalkorian.
And lest it was misunderstood, I am not a MS apologist. The reference to the other systems is the false sense of security that some who use the other systems feel because of ther fewer incidents of issues.

Working in the network field for quite a few years [40 to be exact] I know that no system perfect unless the admins and users play the game with security on their minds. Whether its a BSD, HP, or Sun Unix platfom irregardless there are holes in the system and people will always look for them.

Even the original GUI out of Champlain which became later became Netscape had holes. Surfing the Edu's in the late 80's via command promps only had issues. The point was that no system is perfect, and never will be. Sorta kinda way people shouldnt rely only on built in firewalls and virus protection.

ah done ranting for now, to each his/her own.