Microsoft February Security Updates
Microsoft has released a cumulative security update for Internet Explorer 7 and 8 that fixes several critical vulnerabilities in the web browser. It is recommended to update Internet Explorer as soon as possible to fix those vulnerabilities. The vulnerabilities are rated critical for Internet Explorer versions running under Windows XP or Windows Vista and moderate for Windows Server 2003 and Windows Server 2008. The article is mentioning downloads for Internet Explorer 8 beta but the linked article does not contain any. This seems to suggest that Internet Explorer 8 is affected by the vulnerability as well. This probably only affects pre release candidate builds of Internet Explorer 8.
The security update fixes the following two vulnerabilities: Uninitialized Memory Corruption Vulnerability and CSS Memory Corruption Vulnerability. Since it is a cumulative update it does apply all previous security updates for Internet Explorer on the computer system.
This security update resolves two privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 7 running on supported editions of Windows XP and Windows Vista. For Internet Explorer 7 running on supported editions of Windows Server 2003 and Windows Server 2008, this security update is rated Moderate.
The easiest way to update affected systems is to use Microsoft Update which will download and apply the security updates automatically. The other possibility is to download the patch from Microsoft Download and apply it manually.
Microsoft has released three additional security bulletins:
- Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
- Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)
- Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)
It is highly recommended to update the system as soon as possible to fix the vulnerabilities and protect it against possible exploits.Advertisement