Only critical vulnerabilities get security updates

Apr 16, 2009 14:04 GMT

Microsoft has made available for download a series of security updates designed to patch pre-RTW copies of Internet Explorer 8 on Windows 7 Beta Build 7000. On April 14, 2009, the Redmond company released Microsoft Security Bulletin MS09-014 – Cumulative Security Update for Internet Explorer (963027), rated Critical, patching no fewer than six vulnerabilities affecting IE. Internet Explorer 8 RTW (release to web) is not affected on any previous releases of Windows, including Windows XP SP3 and Windows Vista SP1, Microsoft informs. The same cannot be said, however, of the pre-release version of IE8, which ships as a default component of the Windows 7 client and Windows Server 2008 R2.

Microsoft has failed to disclose the exact number of vulnerabilities patched in IE8 on Windows 7 but, as a general rule, the company only plugs Critical security holes in pre-release software. However, the six vulnerabilities resolved by MS09-014 have received different security ratings, depending on the underlying platform. The issues affecting IE7 on Windows 7 are related to Page Transition memory and Uninitialized memory vulnerabilities. This means that even if non-Critical security vulnerabilities plague IE8, Microsoft will not offer patches to end users until Windows 7 is wrapped up. This is not the case for previous releases of IE on already final versions of Windows.

“This update addresses four privately reported vulnerabilities and two publicly disclosed vulnerabilities. The security update addresses these vulnerabilities by modifying the way that Internet Explorer searches the system for files to load, performs authentication reply validation, handles transition errors when navigating between Web pages, and handles memory objects,” revealed Terry McCoy, program manager, Internet Explorer Security.

At the same time, Microsoft has issued patches for Internet Explorer 7 on pre-RTM copies of the Windows operating system, namely Windows Vista SP2 and Windows Server 2008 SP2. “This security update is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, Internet Explorer 6, and Internet Explorer 7 running on all supported editions of Windows 2000, Windows XP and Windows Vista. For Internet Explorer versions running on all supported editions of Windows Server 2003 or Windows Server 2008, the update is rated Important,” McCoy added.

- Security Update for Internet Explorer 8 in Windows 7 Client Beta
- Security Update for Internet Explorer 8 in Windows 7 Server Beta 64-bit Itanium Edition
- Security Update for Internet Explorer 8 in Windows 7 Client Beta for x64-based Systems
- Security Update for Internet Explorer 8 in Windows 7 Server Beta for x64-based Systems
- Security Update for Internet Explorer 7 in Windows Server 2008 64-bit Itanium Edition
- Security Update for Internet Explorer 7 in Windows Server 2008 Service Pack 2 Release Candidate
- Security Update for Internet Explorer 7 in Windows Server 2008 Service Pack 2 Release Candidate x64 Edition
- Security Update for Internet Explorer 7 in Windows Vista Service Pack 2 Release Candidate
- Security Update for Internet Explorer 7 in Windows Vista Service Pack 2 Release Candidate x64 Edition