14 DAY TRIAL // Microsoft has patched no less than three security vulnerabilities affecting Internet Explorer 8 running on the latest iteration of the Windows client. But in addition to resolving security issues for Windows 7’s IE8, the Redmond company has also plugged additional IE security holes on supported versions of the Windows client and server platforms. In total, Microsoft Security Bulletin MS09-072 – Critical - Cumulative Security Update for Internet Explorer (976325) is designed to patch no less than five vulnerabilities, one of which has been disclosed publicly, with proof of Concept code available in the wild.
Internet Explorer users are advised to deploy the security bulletin for IE as soon as possible. The patches have been released on Windows Update, and are currently served to all Windows users. Customers with Automatic Updates enabled will have the patches automatically served to them.
“This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The security update addresses these vulnerabilities by correcting the control and by modifying the way that Internet Explorer handles objects in memory,” revealed Billy Rios, program manager Internet Explorer Security.
Most importantly, Microsoft Security Bulletin MS09-072 is designed to plug a zero-day security hole for which details were made public. It is with MS09-072 that the Redmond company closes the attack vector described in Security Advisory 977981, namely a problem affecting IE 6 and IE 7 so customers.
“This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7 (except when running on supported editions of Windows Server 2003 and Windows Server 2008), and Internet Explorer 8 (except when running on supported editions of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2). For Internet Explorer 7 and Internet Explorer 8 running on Windows servers as listed, this update is rated Moderate,” Rios explained.
Internet Explorer 8 is available for download here.