IE out-of-band Security Release 12/17

http://blogs.technet.com/msrc/default.aspx

Posts: 4147

IE vulnerability addressed.

Posted 11 months ago #

Top

mpc104

Posts: 286

thanks scott,i heard about this. they called it the zero one virus,or something like that.thanks again for the heads up.
mike

Posted 11 months ago #

Top

Spacegold

Posts: 594

When I read the message it does not sound as if this is going to be released as an automatic update. It sounds like it is going to come out as a set of options for geeks to choose from. Maybe one of you can come on tomorrow and try to spell it out for us Joe Computer types.

Posted 11 months ago #

Top

madmacs

Posts: 1389

Thx for that Scott. It won´t be automatically installed, so everyone using FF should click on Help-> Check for Updates... hope this helped Spacegold!!

Posted 11 months ago #

Top

Posts: 7487

My FF2 has just auto-updated.
Mozilla say this is the last planned release for FF2.

Posted 11 months ago #

Top

madmacs

Posts: 1389

I´m using FF3, maybe that was the problem LH? I would still recommend that everyone searches for this manually (as posted above), just to be on the safe side ;)

Posted 11 months ago #

Top

Posts: 7487

Absolutely agree Matt :)

Posted 11 months ago #

Top

ScottW

http://www.mozilla.org/securit.....refox3.0.5

Posts: 6609

What does all of this Firefox talk have to do with the thread topic -- a security vulnerability in Internet Explorer?

I have Windows Update prompting me to install KB960714 which points to the same advisory, 961051, mentioned in the link that Scott provided above. It is an automatic update on my systems for both XP SP3 and Vista SP1.

Posted 11 months ago #

Top

The Geek

Professional Geek

Posts: 1887

@ScottW

I was wondering that too... started investigating. Looks like there's a nasty bug in Firefox which is actually similar to the IE one, although totally separate. Anybody using Firefox should make sure they update.

Posted 11 months ago #

Top

raphoenix

Posts: 5223

For those running IE, there are two Out of Band Critical Updates available today (12/17/2008) on the MS Update Site.
The usual malware checker will check the system and install the Critical IE Update.
No choices appear with the IE Update. It's presented as a normal Critical Update.
Just check mark both boxes, let the updater do its thing and then reboot when instructed as usual.
Regards,
Rick P.

Posted 11 months ago #

Top

ScottW

Posts: 6609

@The Geek: thanks to Scott, I was aware of the Firefox 3.0.5 update as well:
http://www.howtogeek.com/forum.....5-released

I see what you mean about the two problems that sound similar:
IE: (CVE-2008-4844), Pointer Reference Memory Corruption Vulnerability
FF: (MFSA 2008-60), Crashes with evidence of memory corruption

@All, I have installed the Windows Update for IE, 960714, under Vista and all appears well. It required a reboot for me.

Posted 11 months ago #

Top

raphoenix

Posts: 5223

@All,
After installing the IE Update, I checked my Custom Security Settings and found all were the (same) as I had set.
Can discern no difference in the performance of the browser.
As with ScottW, the normal Reboot is required after installation completion.
Rick P.

Posted 11 months ago #

Top

ScottW

Posts: 6609

Rick, as I'm sure you know, those of us whose primary browser is not IE are still "running" IE because it's so deeply embedded in Windows.

No matter what your primary browser is, all of us Windows users need this update.

Posted 11 months ago #

Top

raphoenix

Posts: 5223

@Scott,
SURE, Totally Agree.
What is the question ?? I'm confuse by your post.
I might add that those running multiply browsers should keep ALL browsers updated.
Just assumed everyone would do that.
I don't have a favorite browser although IE is probably in use more than others because of spouse.
Regards,
Rick P.

Posted 11 months ago #

Top

ScottW

Posts: 6609

Rick, there is no question. In a previous post, you had written that these critical updates were "for those running IE". My point is that all of us with Windows XP and Vista are running IE whether we use it or not because it is so deeply ingrained in Windows. I just wanted to make sure that anyone who thought to themselves, "I am not running IE, so this doesn't apply to me", that they would know that it does apply to them. The way I see it, patching IE is patching Windows.

Also, it might NOT be obvious to the novice user that they need to patch other browsers and all of their applications for security purposes. That's why I strongly recommend Secunia PSI to anyone who will listen. :-)

Posted 11 months ago #

Top

raphoenix

Posts: 5223

@Scott,
I gotcha.
Can see how my post could be mis-interpreted.
I tend to forget folks new to to computing are constantly coming on board.
This will really become evident next week when folks get new computers for gifts.
Agree concerning Secunia PSI.
Thanks,
Rick P. :) :)

Posted 11 months ago #

Top

mpc104

Posts: 286

i got my update today,it was listed as important and i did not have to restart (kb960714)
mike

Posted 11 months ago #

Top

Spacegold