Comments on: Serious security flaw found in Internet Explorer http://itknowledgeexchange.techtarget.com/network-technologies/serious-security-flaw-found-in-internet-explorer/ Sat, 28 Nov 2009 07:24:18 +0000 http://wordpress.org/?v=2.6.2 By: Labnuke99 http://itknowledgeexchange.techtarget.com/network-technologies/serious-security-flaw-found-in-internet-explorer/#comment-11 Labnuke99 Wed, 17 Dec 2008 17:00:14 +0000 http://itknowledgeexchange.techtarget.com/network-technologies/serious-security-flaw-found-in-internet-explorer/#comment-11 Microsoft is scheduled to release a security bulletin (out-of-band) to address a vulnerability in Internet Explorer on all currently supported versions of Windows. The bulletin is scheduled for release at approximately 10 A.M. Pacific Time on Wednesday, December 17, 2008. This security update will be released outside of the usual monthly security bulletin release cycle in an effort to protect customers. Microsoft recommends customers prepare their systems and networks to apply this security bulletin immediately once released to help ensure that their computers are protected from attempted criminal attacks. For more information about security updates, visit http://www.microsoft.com/protect. The purpose of this notification is to assist customers with resource planning for this security bulletin release. The information offered in this notification is purposely general in nature to provide enough information for customers to plan for deployment without disclosing vulnerability details or other information that could put them at risk. Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at (866) PC SAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at: www.ic3.gov. Microsoft continues to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates, and installing anti-virus and anti-spyware software. Additional information can be found at: http://ww.microsoft.com/protect. New Bulletin Summary Bulletin Identifier Windows Bulletin, Internet Explorer Maximum Severity Rating Critical Impact of Vulnerability Remote Code Execution Detection Microsoft Baseline Security Analyzer can detect whether your computer system requires this update. Restart Requirement May require restart Affected Software Microsoft Windows, Internet Explorer The full version of the Microsoft Security Bulletin Advance Notification for this month can be found here: http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx. Although we do not anticipate any changes, the information provided in this summary is subject to change until the release. At this time, no additional information on this bulletin such as details regarding severity or details regarding the vulnerability will be made available until the bulletin is published. Public Bulletin Webcast Microsoft will host two Webcasts to address customer questions on these bulletins: Title: Information About Microsoft December Out-of-Band Security Bulletin (Level 200) Date: Wednesday, December 17, 2008 1:00 P.M. Pacific Time (U.S. & Canada) URL: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032399448 Title: Information About Microsoft December Out-of-Band Security Bulletin #2 (Level 200) Date: Thursday, December 18, 2008 11:00 A.M. Pacific Time (U.S. & Canada) URL: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032399449 Regarding Information Consistency We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative. If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant. Thank you, Microsoft CSS Security Team Microsoft is scheduled to release a security bulletin (out-of-band) to address a vulnerability in Internet Explorer on all currently supported versions of Windows. The bulletin is scheduled for release at approximately 10 A.M. Pacific Time on Wednesday, December 17, 2008.

This security update will be released outside of the usual monthly security bulletin release cycle in an effort to protect customers. Microsoft recommends customers prepare their systems and networks to apply this security bulletin immediately once released to help ensure that their computers are protected from attempted criminal attacks. For more information about security updates, visit <a href="http://www.microsoft.com/protect" title="http://www.microsoft.com/protect" target="_blank">http://www.microsoft.com/protect</a>.

The purpose of this notification is to assist customers with resource planning for this security bulletin release. The information offered in this notification is purposely general in nature to provide enough information for customers to plan for deployment without disclosing vulnerability details or other information that could put them at risk.

Anyone believed to have been affected can visit: <a href="http://www.microsoft.com/protect/support/default.mspx" title="http://www.microsoft.com/protect/support/default.mspx" target="_blank">http://www.microsoft.com/protect/support…</a> and should contact the national law enforcement agency in their country. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at (866) PC SAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at: <a href="http://www.ic3.gov" title="http://www.ic3. " target="_blank">www.ic3.gov</a>.

Microsoft continues to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates, and installing anti-virus and anti-spyware software. Additional information can be found at: <a href="http://ww.microsoft.com/protect" title="http://ww.microsoft.com/protect" target="_blank">http://ww.microsoft.com/protect</a>.

New Bulletin Summary

Bulletin Identifier Windows Bulletin, Internet Explorer
Maximum Severity Rating Critical
Impact of Vulnerability Remote Code Execution
Detection Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.
Restart Requirement May require restart
Affected Software Microsoft Windows, Internet Explorer

The full version of the Microsoft Security Bulletin Advance Notification for this month can be found here: <a href="http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx" title="http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx" target="_blank">http://www.microsoft.com/technet/securit…</a>.

Although we do not anticipate any changes, the information provided in this summary is subject to change until the release. At this time, no additional information on this bulletin such as details regarding severity or details regarding the vulnerability will be made available until the bulletin is published.

Public Bulletin Webcast

Microsoft will host two Webcasts to address customer questions on these bulletins:

Title: Information About Microsoft December Out-of-Band Security Bulletin (Level 200)
Date: Wednesday, December 17, 2008 1:00 P.M. Pacific Time (U.S. & Canada)
URL: <a href="http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032399448" title="http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032399448" target="_blank">http://msevents.microsoft.com/CUI/EventD…</a>

Title: Information About Microsoft December Out-of-Band Security Bulletin #2 (Level 200)
Date: Thursday, December 18, 2008 11:00 A.M. Pacific Time (U.S. & Canada)
URL: <a href="http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032399449" title="http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032399449" target="_blank">http://msevents.microsoft.com/CUI/EventD…</a>

Regarding Information Consistency

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

Thank you,
Microsoft CSS Security Team

]]>