Security problem in IE6 - IE9

User avatar
HansV
Administrator
Posts: 78236
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Security problem in IE6 - IE9

Post by HansV »

As mentioned by RonH in Newly discovered critical security hole in IE, a security problem has been found that affects Internet Explorer 6, 7, 8 and 9. Internet Explorer 10 (for Windows 8) is not affected. See Microsoft Security Advisory (2757760) - Vulnerability in Internet Explorer Could Allow Remote Code Execution.

It hasn't been used "in the wild" yet, so there is no reason to panic, but it is wise to be very careful until Microsoft releases a patch:

- Make sure that your security software is active and up-to-date.
- As always, don't open attachments or follow links in e-mails if you aren't sure they're safe.
- If you use social media such as Facebook, don't follow links if you aren't sure they're safe.
- Don't visit doubtful websites.

You may consider using another browser, such as Google Chrome, Mozilla Firefox or Opera in the meantime.
Best wishes,
Hans

User avatar
Argus
GoldLounger
Posts: 3081
Joined: 24 Jan 2010, 19:07

Re: Security problem in IE6 - IE9

Post by Argus »

There are reports that it had been used in the wild before it was published. Perhaps you are referring to Microsoft's comment, that they are aware of "targeted attacks". But I definitely agree with you, that it is wise to be very careful. It's now part of "attack tools".

As for the vulnerability, and Microsoft, see also:

Additional information about Internet Explorer and Security Advisory 2757760 (18 Sep)
We will release a Fix it in the next few days to address an issue in Internet Explorer, as outlined in the Security Advisory 2757760 that we released yesterday.
And they did; the next day, 19 Sep, the advisory was updated.

And then from the MSRC blog:
Internet Explorer Fix it available now; Security Update scheduled for Friday
Then, on this Friday, Sept. 21, we will release a cumulative update for Internet Explorer through Windows Update and our other standard distribution channels. We recommend that you install this update as soon as it is available. If you have automatic updates enabled on our PC, you won’t need to take any action – it will automatically be updated on your machine. This will not only reinforce the issue that the Fix It addressed, but cover other issues as well.
So, there will be an "out of band" (or perhaps "out of phase" :smile:) cumulative update for IE, MS12-063, on Friday.
Byelingual    When you speak two languages but start losing vocabulary in both of them.

User avatar
HansV
Administrator
Posts: 78236
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Security problem in IE6 - IE9

Post by HansV »

Thanks for the update, Argus!
Best wishes,
Hans