Windows Enterprise Desktop

Dec 17 2008   9:11PM GMT

Essential out-of-cycle IE security update now available



Posted by: Ed Tittel
Tags:
CVE-2008-4844
MS08-078
Security
vulnerability scanner
Windows Update
Windows Vista
Windows Vista SP1
Windows Vista SP2

When Secunia calls a Windows security update “extremely critical” you know a serious vulnerability is being patched. The Windows security community has been abuzz since last week when a number of remote code execution vulnerabilities originally thought limited only to IE 7 turned out to affect other IE versions, and to involve general XML vulnerabilities as well. For more information on the update see “Microsoft Security Advisory (961051) Vulnerability in Internet Explorer Could Allow Remote Code Execution” and “Microsoft Security Bulletin MS08-078 – Critical.”

Security Bulletin MS08-078 specifically mentions IE 5, 6, and 7, as well as Windows 2000, Windows XP, and Windows Vista on the desktop front, plus Windows Server 2003 and Windows Server 2008, in both 32- and 64-bit versions (where applicable). This update is also associated with Pointer Reference Memory Corruption Vulnerability – CVE-2008-4844 from the Common Vulnerability and Exploits database.

The nature of the vulnerability is called “Remote Code Execution” which essentially means that an attacker can take over a system and run any code he or she wishes to at a very high level of privilege. Please visit Windows Update and download this security fix for testing and evaluation as soon as possible. Zero-day exploits have already been reported, and it is regarded as an active and hostile threat.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: