IE Cumulative Security Update Now Available

Today we released a Cumulative Security Update for Internet Explorer. We’ve released this Cumulative Security Update earlier than originally scheduled based on malicious activities reported on the web. The update is available via Windows Update and Microsoft Update. Most users configure their machines to update automatically; you can find more information on that here.

This update actually includes 236 separate packages for all the different languages and versions of Windows and IE that customers run and Microsoft supports worldwide. We release these packages simultaneously for all supported products and languages as part of this update. The complete matrix of browsers, operating systems, and languages is available in the security bulletin. At a high level, these packages cover:


  • Seven operating system versions: Windows 2000, Windows XP, Windows Server 2003, 2008, and 2008 R2, Windows Vista and Windows 7. Customers run 32-bit, 64-bit, as well as Itanium versions of some of these operating systems, as well as a variety of different service packs.
  • Four different versions of IE: 5.01, 6, 7, and 8.
  • All supported languages. Older versions of Windows require separate language-specific packages, typically between 18 and 25. Windows Vista and later operating systems have a single language-neutral binary to update IE.
We test each security fix thoroughly with different variants of the security issue. We also test the entire package extensively for compatibility and reliability, as well as any setup, deployment, and manageability issues. Also, security updates are cumulative and contain all previously released updates for each version of Internet Explorer, to make securing any system (one updated a month ago or never updated at all) easy.

This update addresses several vulnerabilities including the one described here. Other blog posts describe specifics. Some of these vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Note that IE8 users on Windows 7 have extensive defense in depth protections with DEP, ASLR, and protected mode that make remote code execution from a malicious site extremely difficult. Microsoft therefore strongly recommends customers upgrade to IE8 to benefit from these extensive defense in depth protections.

For detailed information on the contents of this update, please see the following documentation:


We encourage everyone to set their operating system to automatically update with the latest security updates for all their software. You can find more information here.



Dean Hachamovitch

IE General Manager

aggbug.aspx

More...
 
So if i understand this correctly, before this update, one can remotely execute code on any client using IE8? Thats embarrassing :P
 

My Computer

System One

  • CPU
    t7200
    Motherboard
    some chinese junk (microstar i think)
    Memory
    1GB
    Graphics Card(s)
    gma 950
    Sound Card
    internal intel hda
    Hard Drives
    Seagate 80GB, 7200rpm (2.5")
    Cooling
    me
    Internet Speed
    20 Mbit/s duplex
I'd like to thank the IE team as I sell custom computers and don't need service calls on a breach,Alan
 

My Computer

System One

  • CPU
    Intel e5300 2.6GHz
    Motherboard
    ASRock G41M-LE
    Memory
    OCZ 4 gig 800 MHz
    Graphics Card(s)
    onboard 4500 GTX
    Sound Card
    Diamond XS 7.1
    Monitor(s) Displays
    19" Insignia HDTV
    Screen Resolution
    60 Hertz
    Hard Drives
    Seagate 500 gig 7200 rpm, WD Green 5400 rpm 800 gig
    PSU
    550 Rocketfish
    Case
    Xion Solaris
    Cooling
    Skythe Katana III
    Keyboard
    eMachines
    Mouse
    Logiteck wireless lazer
    Internet Speed
    3.5 WiFi
    Other Info
    Line in to Yamaha RX-V465 HT receiver, Infinity RS1001 fronts& rear, Cambridge SoundWorks center, Yamaha YST-SW216 subwolf
Back
Top