Microsoft has just released a security bulletin (MS08-078) to address a new vulnerability allowing remote code execution in Internet Explorer. MS08-078 has a maximum severity rating of Critical for all versions of Internet Explorer.

This security update resolves a publicly disclosed vulnerability in Internet Explorer, and also addresses the vulnerability first described in Microsoft Security Advisory 961051. The vulnerability could allow remote code execution if a user views a specially crafted web page using Internet Explorer.

Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerability by modifying the way Internet Explorer validates data binding parameters and handles the error resulting in the exploitable condition. This patch will require rebooting. 

There are a few thousand hacker sites already attempting the exploit.  Many anti-malware software vendors, including Kaspersky Lab, have already updated their protection software. However, you should consider a workstation and server update if you have any concerns. Reboots will probably be required.

For details, please read the full bulletin for MS08-078 on the Microsoft TechNet Security TechCenter. 

NOTE: GreenPages clients that have a GreenPages Service Plan that includes server updates have already received the patch as part of their program.

 

 

Copyright © 2008 | GreenPages Technology Solutions | All rights reserved
Privacy Policy | 33 Badgers Island West | Kittery, ME | 1-800-989-2989

For questions or concerns about how to apply the patch or for more information about how this flaw could affect your business environment, please call your GreenPages account executive.