Jan 25 2010
Microsoft IE Patch
Happy New Year! Yes, I know the New Year is almost a month old, but since this is my first blog post this year, I thought I would say it anyway.
Now to the important stuff. There was a new bug discovered in Microsoft’s Internet Explorer. This bug was considered to be such a serious security hole that they took the unusual step of issuing an “out of band” hotfix – meaning that they issued it right away, rather than wait until the normal Patch Tuesday release.
According to SC Magazine:
Microsoft on Thursday delivered an emergency patch to correct seven Internet Explorer vulnerabilities, including at least one known to have been used in the highly publicized attacks against more than 30 brand companies.
Microsoft was forced to acknowledge the flaw last week, when McAfee reported that an IE exploit was one of the malware samples being used to spread data-stealing, espionage trojans to Google, Adobe, Northrop Grumman, Juniper and more than 25 other large companies.
If you have your home PC set up to automatically download and install updates, your system should be protected. However, if you like to manually install updates, you should download and install the update as soon as possible.
There are some reports that this vulnerability is what was used by hackers to compromise the GMail accounts of Chinese dissidents. However, that attack was accomplished using a piece of malware called the Hydraq trojan.
As always, keeping your system updated and your anti-virus current is your first line of defense.