Today Microsoft issued emergency patches for Internet Explorer versions 5, 6, 7 and 8, the security update is rated as critical. The update patches 8 vulnerabilities including the one being used in the recent China attacks against Google, Adobe and several other companies.
The most severe vulnerability allows a remote computer to take full control of your computer. If a user enters a malicious website with malware using IE, they may become infected by the malware and allow another user to take complete control over the computer.
According to security company Symantec, this update needed to released as soon as possible, since they are seeing it spread beginning to spread rapidly to other sites on the web.
The new exploit is being hosted on hundreds of Web sites and Symantec detects the malicious HTML pages as Trojan.Malscript!html,”
Josh Talbot, security intelligence manager for Symantec Security Response
The pages contain a shell code that bypasses a warning dialog shown after downloaded file gets executed. The page replaces the code of “MessageBeep API ” so that the Internet Explorer process which attempts to play a beep sound will be terminated.
The end result is a malicious file is downloaded to your PC without you knowing, it’s no wonder that Microsoft rated the update as critical in their Technet Security Bulletin Obviously Microsoft are encouraging users to update their browsers as soon as possible, however they are also stressing the fact that users should be upgrading their browsers to Internet Explorer 8, the latest edition which provides “improved security protection“. Really people need to update to the latest version of IE, IE 6 is 10 years old and still holds nearly 15% of the market, and with that it has it’s outdated UI and as we keep discovering, a lot more vulnerabilities.
But I must say Microsoft are really keeping on top of issuing updates and patches for their browsers and Windows 7. Nearly every time I go to turn off my laptop, I see there is yet another update that’s been automatically downloaded and is waiting to install.
How do you think Microsoft is doing with issuing updates and patches etc…
Let us know in the comments
