Microsoft has released an out-of-band security patch for Internet Explorer which fixes a security vulnerability that is actively exploited on the Internet. Actively exploited means that attackers try to exploit the vulnerability through attacks on unpatched versions of the web browser.
The patch has caused some confusion as reported by Ed Bott since the the security vulnerability that caused the emergency update to be released is only affecting Internet Explorer 6 and Internet Explorer 7.
The patch that Microsoft has released is a cumulative update however with patches that will fix Internet Explorer 8 security vulnerabilities as well.
This caused confusion as some users assumed that IE8 is also affected by the vulnerability when in fact it is not.
The information posted by Microsoft is the following:
MS10-018 resolves Security Advisory 981374, addressing a publicly disclosed vulnerability in Internet Explorer 6 and Internet Explorer 7. Internet Explorer 8 is unaffected by the vulnerability addressed in the advisory
MS10-018 is a cumulative update with the patch for Security Advisory 981374 being one of the patches included in the release.
This basically means that Internet Explorer 8 is unaffected by that one vulnerability but affected by others that are included in the cumulative update as well. This is confirmed by the affected and unaffected software listing on the security bulletin page which lists the severity as critical for Internet Explorer 8 as well.
Windows users should install the update as soon as possible to protect their computer system from possible exploits. The update is also available at the Microsoft Download site but can be installed using Windows Update as well.
It is important to note that Windows users should install patches for their operating systems and programs when they are made available. While this particular patch and the delivery of it caused some confusion, it should not really impact the result and that is to install the patch if it is provided.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.