Wednesday, December 17th 2008

Microsoft Acts on MSIE RCE Vulnerability, Issues Hotfix

A major remote code execution (RCE) vulnerability discovered in Microsoft Internet Explorer set data security agencies on high alert. Microsoft noted that 1 in every 500 internet users were exposed to the vulnerability through unsafe websites. The exploit allows hackers to remotely execute code over an IE session to gain access to, and compromise, a machine.

In a security advisory updated today, Microsoft claims to have acted on the vulnerability by issuing a critical security update, MS08-078, that went online at 1:00 PM EST. The hotfix is available for all current versions of the web browser through Microsoft Update.

23 Comments on Microsoft Acts on MSIE RCE Vulnerability, Issues Hotfix

#1
Castiel
Wow.
Would this be a good suggestion to do since I don't even use IE?
#2
lemonadesoda
What exactly does 1:500 mean? That's a horrible statistic because it has a lot of assumptions in it, and is a horrible "average" of users and uses.

For example, it could be that only 1:10 use credit cards on their PC. Does that mean:
  • For those that use CC, the risk is 1:50?
  • And for those that don't, the risk is zero?
(Just an example)

Earlier today the warning was for IE7. It seems that it is for all IE, since my update is now offering the following:



It's unusual there is no much noise about a security update. It must be serious.

EVERYONE do the update!
#3
btarunr
Editor & Senior Moderator
What was meant was, 1 in every 500 got pwned (exposed to malware/hackers) due to that already.
#4
sneekypeet
Unpaid Babysitter
This really is a fast fix, I only read about it on Yahoo's homepage yesterday. Got it installed on both rigs now.

Thanks have been added bta!
#5
OnBoard
Hmm, better update then. I wouldn't use IE at all, but my stupid bank doesn't work with Firefox.
#6
PVTCaboose1337
Graphical Hacker
I was hearing from my teacher that some major corporations have shut down their internet till everyone installs the hotfix. Pretty serious if you ask me. I assured him it would be ok, and made sure the computers I was working at had the fix, but still, pretty serious.
#7
eidairaman1
by: Castiel
Wow.
Would this be a good suggestion to do since I don't even use IE?
It is a critical fix, get it, because even though you don't use IE, you still do when you get Windows Updates, and also this exploit could expand beyond IE and make your machine susceptible to domination.
#8
Haytch
I still remember buying my 1st modem, it was a 2.4Kb swann crap but got me online. In a day and age where monochrome ruled the Earth, a friend foresaw Internet banking becoming popular and useful. It was that day I decided to never Internet Bank, never have since, and never will.

I'm not saying that anyone that Internet Banks deserves to have all their assets relocated to some foreign country and used for prostitution, I don't know what I'm saying . . . I think I'm saying, DON'T INTERNET BANK.

As for the unsafe websites, who said you should click on it . . . . Almost all of my clients admit to having gone to an unsafe website where they obtained a bug or two. They all knew it was unsafe, they all subconsciously knew they would be harmed, yet they clicked. I try to educate my clients as much as I can. . . That one must guard him/herself and not await 3rd party software to do it for them.

The hotfix is more than welcomed. Educating the public is needed.
#9
FordGT90Concept
"I go fast!1!11!1!"
Windows Update on my server notified me of it. Installing now (hope it doesn't require restart)...
#10
sneekypeet
Unpaid Babysitter
by: FordGT90Concept
Windows Update on my server notified me of it. Installing now (hope it doesn't require restart)...
Sure does!
#11
FordGT90Concept
"I go fast!1!11!1!"
If you install via IE7 -> Microsoft Update or Windows Update website, you do. If you install via the integrated Windows Update client, you don't. I didn't have to restart the server but I had to restart my desktop. :(
#12
tigger
I'm the only one
I have Vista Service Pack 2 beta on, do I still need the fix?
#14
tigger
I'm the only one
I just checked update and it was there so I have just done it.
#15
Solaris17
Creator Solaris Utility DVD
by: lemonadesoda
What exactly does 1:500 mean? That's a horrible statistic because it has a lot of assumptions in it, and is a horrible "average" of users and uses.

For example, it could be that only 1:10 use credit cards on their PC. Does that mean:
  • For those that use CC, the risk is 1:50?
  • And for those that don't, the risk is zero?
(Just an example)

Earlier today the warning was for IE7. It seems that it is for all IE, since my update is now offering the following:



It's unusual there is no much noise about a security update. It must be serious.

EVERYONE do the update!
Oh quite serious, I actually was watching the news I think yesterday night and they had a whole thing on it.
#16
Triprift
Hopefully that's something Windows automatic update would have sent. Haven't had any dramas with IE lately.
#17
crazy pyro
I've had no dramas except the usual with IE7 lately, although tbh I only use IE for checking e-mails.
#18
NeSeNVi
by: Haytch
The hotfix is more than welcomed. Educating the public is needed.
Totally agreed.
#19
Triprift
Just got it now through auto update.
#20
csendesmark
I say Ha-Ha if they found ... another B!G security hole :nutkick:
I don't use InternetSuxxplorer (and I never did)
Opera - Firefox - Chrome. These 3 browsers are much better than all Trident based crap
#21
Castiel
Well for some reason, windows update just popped up and it had the IE7 update. Now when I Installed and restarted for some reason my computer was not laggy anymore, and it was faster than it was.
#22
Triprift
Yeah I noticed the same thing, go figure :p
#23
crazy pyro
The obnoxious Windows update appeared during my download session overnight, thank you very much MS for updating your crapware and inconveniencing me.