Please read Microsoft Security Advisory (961051) for details of a new IE vulnerability
QuoteMicrosoft is investigating new public reports of attacks against a new vulnerability in Internet Explorer. Our investigation so far has shown that these attacks are against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.
Full details of the alert may be found at:
http://www.microsoft.com/technet/security/advisory/961051.mspx
The advisory has been updated:-
Quote from: http://www.microsoft.com/technet/security/advisory/961051.mspxOur investigation so far has shown that these attacks are only against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008. Microsoft Internet Explorer 5.01 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1, Microsoft Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 on all supported versions of Microsoft Windows are potentially vulnerable.
In other words, the following
may be susceptible to the same attack should the attackers target them
- Internet Explorer 5.01 SP4
- Internet Explorer 6
- Internet Explorer 6 SP1
- Internet Explorer 8 Beta 2
Don't panic yet but watch out for news on this.
Hi :)
FYI:
BBC News 09:20 GMT, Tuesday, 16 December 2008
QuoteUsers of Microsoft's Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.
The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.
Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.
Further reading: http://news.bbc.co.uk/2/hi/technology/7784908.stm (http://news.bbc.co.uk/2/hi/technology/7784908.stm)
QuoteMICROSOFT SECURITY ADVICE
Change IE security settings to high (Look under Tools/Internet Options)
Switch to a Windows user account with limited rights to change a PC's settings
With IE7 or 8 on Vista turn on Protected Mode
Ensure your PC is updated
Keep anti-virus and anti-spyware software up to date
Out of band update scheduled for tomorrow.
Microsoft Security Bulletin Advance Notification for December 2008 - December 16, 2008
This is an advance notification of an out-of-band security bulletin that Microsoft is intending to release on December 17, 2008.
http://www.microsoft.com/technet/security/Bulletin/ms08-dec.mspx
I have merged these two topics into one as they both relate to the same IE vulnerability.
As stated above, an update for this issue is now available, more details at:
kb960714 (http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx)