Saturday, December 20, 2008

Microsoft Internet Explorer Flaw: Patch Tuesday and Exploit Wednesday (MS08-078)

The just released patch for critical IE flaw by Microsoft, released out-of-band and not along with the regular batch of Patch Tuesday schedules just makes you realize that the vulnerability being corrected is really critical.

Normally, MS will release patches on the second Tuesday of the month, that's why it's called Patch Tuesday.

When I got wind of the vulnerability release, I immediately had the patch tested for bugs and rolled out to PCs and laptops with Internet access. It's a good thing that most users in the office don't have Internet Access (was cut off on September 21, an ominous date indeed) and also most of those who have use Firefox.

After a vulnerability's made public (though this exploit has been making the rounds of the underground hacker community for a while now), crackers and miscreants race to develop proof-of-concept codes and exploit the vulnerability, zero day or the next day, aptly called Exploit Wednesday.

For those looking download the latest patch, it's filename is IE7-WindowsXP-KB960714-x86-ENU.exe available at Microsoft Update Website (direct link here)

As for me, I don't use Internet Explorer except for testing and accessing stupid IE-only online banks and websites.

No comments:

Post a Comment