14 DAY TRIAL // With both Windows 7 and Windows Vista Service Pack 2 still under development, Microsoft is scrambling to patch components of the two operating systems in order to protect users from attacks targeting a Pointer Reference Memory Corruption vulnerability affecting Internet Explorer versions on the two variants of the Windows client. On December 17, the Redmond company released a security update designed to patch holes in Internet Explorer 7 running on Windows Vista SP2 Beta and Internet Explorer 8 Beta running on Windows 7 pre-Beta.
At the same time, considering that Windows Vista and Windows Server 2008 are joined at the hip, Microsoft also made the patch available for IE7 on Windows Server 2008 SP2 Beta, and, in this regard, additionally for Windows 7 Server (Windows Server 2008 R2).
“This issue is categorized as Critical, because it is actively being exploited. In the case of this one, there are websites that have been compromised, or have deliberately been configured, to cause remote execution of code in Internet Explorer. And, as most of you know – any code that is running as you, which you didn’t intend to run, is a potential hole into doing something nasty to your systems or to your information,” Kevin Remde, IT pro evangelist for Microsoft, explained.
The Pointer Reference Memory Corruption vulnerability in IE8 Beta on Windows 7 pre-Beta and IE7 on Vista SP2 Beta and Windows Server 2008 SP2 Beta can potentially be exploited via hijacked or specially crafted malicious webpages. According to Microsoft, the exploit causes IE to exit, and, if successful, it allows for remote code execution.
“This update addresses one remote code execution vulnerability. The security update addresses the vulnerability by modifying the way Internet Explorer validates data binding parameters and handles the error resulting in the exploitable condition,” Terry McCoy, program manager Internet Explorer Security, revealed.
“I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.”
Windows Vista SP2 Beta:
Security Update for Internet Explorer 7 in Windows Vista Service Pack 2 (KB960714)
Security Update for Internet Explorer 7 in Windows Vista Service Pack 2 x64 Edition (KB960714)
Windows 7 pre-Beta:
Security Update for Internet Explorer 8 in Windows 7 Pre-Beta (KB960714)
Security Update for Internet Explorer 8 in Windows 7 Pre-Beta 64-bit Itanium Edition (KB960714)
Security Update for Internet Explorer 8 in Windows 7 Pre-Beta for x64-based systems (KB960714)
Windows Server 2008 SP2 Beta: Security Update for Internet Explorer 7 in Windows Server 2008 Service Pack 2 (KB960714)
Security Update for Internet Explorer 7 in Windows Server 2008 Service Pack 2 x64 Edition (KB960714)