Wednesday, December 17, 2008

Microsoft Security Bulletin MS08-078 - Critical: Security Update for Internet Explorer (960714)

Microsoft just released an Out-of-Band security bulletin MS08-078. Generally any Out-of-Band security patches are important, because they fix a problem that needs to be addressed now. MS08-078 (960714) is a critical security update for Internet Explorer.

Here is an excerpt from the Microsoft site about this patch: "This security update resolves a publicly disclosed vulnerability. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, and Internet Explorer 7.

If you can't or don't want to install the patch right now for some reason, here are some instructions on how to set the security level of IE's Internet zone to High. This can protect you by blocking any scripting technology (i.e: Javascript, Flash, Silverlight, etc.) from running on any web site. Although by using this feature you will disable most web sites functionality, such as dropdown menus and animation.
  • Open an Internet Explorer
  • From the Tools menu select Internet Options..., and click the Security tab
  • Click the Internet zone icon in the top part of the dialog box and move the slider control below it to High.
Note: To get around issue this you must add the sites to the Trusted Sites zone, its in the same dialog as the Internet zone outline in the instructions above.

No comments: