Microsoft to release patch for IE hole on Thursday

From CNET News.com: Microsoft said on Wednesday that it will release on Thursday a patch to fix the latest hole in Internet Explorer that was used in the China-based attack on Google and for which an exploit has been released on the Internet since last week.

The company plans to release the patch as close to 10 a.m. PST on Thursday as possible and host a public Webcast at 1 p.m. PST, according to the security advisory.

Microsoft continues to see limited attacks and has only seen evidence of successful attacks against Internet Explorer 6, according to Jerry Bryant, senior security program manager at Microsoft.

"This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical," he said in a statement.

"It addresses the vulnerability related to recent attacks against Google and a small subset of corporations, as well as several other vulnerabilities. Once applied, customers are protected against the known attacks that have been widely publicized," Bryant said. "We recommend that customers install the update as soon as it is available. For customers using automatic updates, this update will automatically be applied once it is released."

Vulnerable software is IE 6 on Microsoft Windows 2000 and IE 6, 7, and 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, Microsoft said.

Microsoft also updated its security advisory on the vulnerability to include technical details to address additional products that may be affected by this vulnerability and to provide guidance related to reports of proof of concept code that bypasses the Data Encryption Protection that can mitigate against attacks.

View: Article @ Source Site