14 DAY TRIAL // Early adopters running the currently available public release of Internet Explorer 9 need to deploy security patches for their browser just as it is the case for users of IE6, IE7 and IE8.
It’s not uncommon for Microsoft to patch security vulnerabilities in pre-release software, especially if the flaws are rated Critical.
It’s the case for IE9 Beta which contains vulnerabilities patched through Microsoft Security Bulletin MS11-003 Cumulative Security Update for Internet Explorer (2482017).
“Internet Explorer 9 Beta is affected by the vulnerabilities described in this bulletin. Customers running this beta release are encouraged to download and apply the update to their systems.
“Security updates are available from Windows Update. The security updates for this beta are also available for download from the Microsoft Download Center,” revealed Tyson Storey, Lead Program Manager, Internet Explorer.
I included download links for the IE9 February 2011 patches at the bottom of this article. Users are advised to deploy the security updates as soon as possible, especially considering that the security bulletin resolves a 0-day vulnerability already under attack in the wild.
Microsoft confirmed the zero-day security flaw back on December 22nd, 2010. However, only with the release of MS11-003 customers have available a patch for the CSS Memory Corruption Vulnerability - CVE-2010-3971.
“A remote code execution vulnerability exists in the way that Internet Explorer accesses memory while importing a Cascading Style Sheet that refers to itself recursively,” Microsoft explained.
“An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution.
“An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Internet Explorer 9 (IE9) Beta is available for download here.
Internet Explorer 9 (IE9) Platform Preview 7 (PP7) is available for download
here.
Cumulative Security Update for Internet Explorer 9 Beta in Windows Server 2008 x64 Edition (KB2482017) - download here
Cumulative Security Update for Internet Explorer 9 Beta in Windows 7 x64 Edition (KB2482017) - download here
Cumulative Security Update for Internet Explorer 9 Beta in Windows 7 (KB2482017) - download here
Cumulative Security Update for Internet Explorer 9 Beta in Windows Server 2008 R2 x64 Edition (KB2482017) - download here
Cumulative Security Update for Internet Explorer 9 Beta in Windows Vista (KB2482017) - download here
Cumulative Security Update for Internet Explorer 9 Beta in Windows Server 2008 (KB2482017) - download here
Cumulative Security Update for Internet Explorer 9 Beta in Windows Vista x64 Edition (KB2482017) - download here