Microsoft February Security Updates
Microsoft has released a cumulative security update for Internet Explorer 7 and 8 that fixes several critical vulnerabilities in the web browser. It is recommended to update Internet Explorer as soon as possible to fix those vulnerabilities. The vulnerabilities are rated critical for Internet Explorer versions running under Windows XP or Windows Vista and moderate for Windows Server 2003 and Windows Server 2008. The article is mentioning downloads for Internet Explorer 8 beta but the linked article does not contain any. This seems to suggest that Internet Explorer 8 is affected by the vulnerability as well. This probably only affects pre release candidate builds of Internet Explorer 8.
The security update fixes the following two vulnerabilities: Uninitialized Memory Corruption Vulnerability and CSS Memory Corruption Vulnerability. Since it is a cumulative update it does apply all previous security updates for Internet Explorer on the computer system.
This security update resolves two privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 7 running on supported editions of Windows XP and Windows Vista. For Internet Explorer 7 running on supported editions of Windows Server 2003 and Windows Server 2008, this security update is rated Moderate.
The easiest way to update affected systems is to use Microsoft Update which will download and apply the security updates automatically. The other possibility is to download the patch from Microsoft Download and apply it manually.
Microsoft has released three additional security bulletins:
- Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
- Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)
- Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)
It is highly recommended to update the system as soon as possible to fix the vulnerabilities and protect it against possible exploits.
Advertisement
BillB:
Not bad, but the advantage my suggestion has over yours is the ability to install and walk away as it will do everything for you.
In addition to Heise (above), you can get an offline installer for all updates at:
http://www.windowsupdatesdownloader.com/
http://www.heise.de/ct/projekte/offlineupdate/download_uk.shtml
Allows you to make a scripted based install for all updates, also allows you to download and backup all updates too, will download service but there is a choice not to.
Honestly, I am tired of downloading updates every week. This creates a major hassle when I reinstall the system (which is usually once a year), downloading another Gb or so updates every time.
Just curious if there is any offline installer for all the updates release so far, except SP2 and SP3. I knew one but heard lastly that they got a notice for Microsoft and they pulled down the site. Any other alternative?
Thanks in advance.