Critical Internet Explorer Patch: MS08-078 Resource Center

By Pedro Hernandez
December 18, 2008


Few security scares have stirred up the IT community like this month's Internet Explorer zero day.

The root of the problem is the way the popular browser processes XML, a growing sore spot for the software maker. But its origins pale in comparison to the malware code that preyed on the bug before Microsoft could develop a patch.

Below you'll find some MS08-078 resources, download locations, and some background.

MS08-078 Downloads

Home users should be seeing an Automatic Update alert any minute now, if they haven't already. (To force an update, fire up IE and visit http://update.microsoft.com.)

Similarly, users of Windows Server Update Services (WSUS) will have their patch management tool updated by Microsoft in the same manner.

If you suspect that your machine has already been compromised, this article will point you to some computer forensics tools that you can download and use to rid your machine of the infection.

DIY administrators, testers and researchers will want to visit the MS08-078 bulletin page at TechNet. Finding the files takes a little doing, but there's a handy way of getting to them fast.

Naturally, since the flaw affects several Windows operating systems and service pack levels, you'll have to select your setup(s) from several patches; there's no way around it.

There are two ways to go about it. The first is to visit the related Knowledge Base article, KB960714. Nestled in the ample documentation are tons of download locations in the Hotfixes section.

Or you can visit the Microsoft Download Center and, as per their suggestion, search for "security update". Sort by date and you're presented with a long list of updates (you're interested in the ones dated 12/17/08).

The Knowledge Base method is generally preferable, but at least there are options. Happy hunting!

Resources

MS08-078 Bulletin

KB960714

What Happened?

Internet Explorer 5, 6 and 7 contain a flaw in the way that they handle XML that Microsoft is classifying as a "Pointer Reference Memory Corruption Vulnerability." In short, with a little know-how, hackers (of the black hat kind) can include some malicious code on a website or spam and use it to transfer trojans and keyloggers onto a Windows system and build up their botnets.

The bigger issue, by and large, is that zero day code appeared in the wild. Zero day describes a situation where malware writers are taking advantage of a vulnerability that has yet to be publicly announced and/or acknowledged by the affected software's vendor, let alone patched.

That leaves the public to use workarounds like tweaking their browser settings (or using another browser for the time being) or trust that third parties will update their security suites to detect the new threats, which many do with varying degrees of success. Nonetheless, an official patch is always the preferable way to deal with a vulnerability.

Resources:

Microsoft Expands Zero-Day IE Warning

Amid Zero-Day Attacks, Microsoft Preps Critical IE Patch

Discuss: The IE7 Bug That Keeps on Giving

CVE-2008-4844

The Aftermath

The full impact of this vulnerability is yet to be determined, though early estimates put the number of affected sites at 6,000 and infected users in the two million range, depending on whom you believe.

Over at the Microsoft Security Response Center, they give us a clue as to how big of an update this situation turned into for the company.

"Some customers that follow us closely, might know that saying "the update" is a bit misleading, as it is actually over 300 distinct updates for over six versions of Internet Explorer that apply to over 50 different languages. And despite this huge number of distinct updates, they’re all being offered to customers automatically, regardless of their specific Internet Explorer configuration."

Puts things in perspective, doesn't it?

Resources:

Microsoft Patches IE, But Security Issues Remain

MS08-078 Released - MSRC Blog

Webcast 1

Webcast 2

Finally, a word of advice: patch ASAP!
