Dec 2008: Microsoft Security Bulletin: MS08-078 | Tony Bradley

Dec 2008: Microsoft Security Bulletin: MS08-078

by Tony Bradley • December 17, 2008 • 2008
As predicted in the regular monthly Security Bulletins summary earlier this month, Microsoft has issued a supplemental update just for Internet Explorer. The good news is that the additional Security Bulletin still leaves the total for 2008 between 70 and 80 so it doesn’t impact the winners of last year’s poll.

For the second time in three months, a critical flaw required urgent patching. Internet Explorer has been impacted by a zero-day exploit circulating in the wild which could download malicious Trojans to vulnerable systems.

This is what Microsoft Security Bulletin MS08-078 has to say about the update:

This security update resolves a publicly disclosed vulnerability. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.This security update is rated Critical for Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, and Internet Explorer 7. For information about Internet Explorer 8 Beta 2, please see the section, Frequently Asked Questions (FAQ) Related to This Security Update. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by modifying the way Internet Explorer validates data binding parameters and handles the error resulting in the exploitable condition. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection under the next section, Vulnerability Information.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 961051.

It is important to note that this update for Internet Explorer is not cumulative. You should first apply the most recent cumulative update (MS08-073) before applying this update.

Take a look at the Security Bulletin and follow the link to get the necessary patches to protect your system from exploits targeted at this vulnerability.

Microsoft Security Bulletin MS08-078
Security Update for Internet Explorer
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms8-078.mspx
Tags: additional security, administrative user, Affected, affected software, beta, Bulletin, Bulletins, could allow remote code execution, Explorer, explorer 6 internet, FAQ, information, internet, internet explorer 5, internet explorer 6 service pack 1, internet explorer 7, internet explorer 8, internet explorer users, Microsoft, microsoft security advisory, microsoft security bulletin, month, news, s poll, section, security, security bulletins, service pack 1, subsection, summary, system, total, Update, user, using internet, vulnerability, vulnerable systems, year, zero day
About Tony Bradley

Tony has driven security policies and technologies for antivirus and incident response for Fortune 500 companies, and he has been network administrator and technical support for smaller companies. He has written for a variety of other Web sites and publications, including BizTech Magazine, PC World, SearchSecurity.com, WindowsNetworking.com, Smart Computing magazine, and Information Security magazine. Tony is a CISSP (Certified Information Systems Security Professional) and ISSAP (Information Systems Security Architecture Professional). He is Microsoft Certified as an MCSE (Microsoft Certified Systems Engineer) and MCSA (Microsoft Certified Systems Administrator) in Windows 2000 and an MCP (Microsoft Certified Professional) in Windows NT. Tony has been recognized by Microsoft as an MVP (Most Valuable Professional) in Windows security since 2006. In addition to his Web site and magazine contributions, Tony was also tech editor of PCI Compliance (ISBN: 1597491659 ) and author of Essential Computer Security: Everyone’s Guide to E-mail, Internet, and Wireless Security (ISBN: 1597491144), coauthor of Hacker’s Challenge 3 (ISBN: 0072263040) and a contributing author to Winternals: Defragmentation, Recovery, and Administration Field Guide (ISBN: 1597490792), Combating Spyware in the Enterprise (ISBN: 1597490644) Syngress Force 2006 Emerging Threat Analysis: From Mischief to Malicious (ISBN: 1597490563), Botnets: The Killer Web Applications (ISBN: 1597491357), and AVIEN Malware Defense Guide for the Enterprise (ISBN: 1597491640).

http://www.tonybradley.com
My Sites
Testimonials
“Tony is not only an expert on network security, he's also a talented writer who can portray complicated issues in a manner that is both clear and insightful. He's an excellent resource for anyone with an interest in or in need of information on the topic.”
Alison Doyle
About.com
Twitter
- Facebook marketing may not be worth it for GM's $10 million, but that doesn't mean that Facebook ads don't work. It… https://t.co/4ilENa2T about 23 hours ago from ManageFlitter Reply Retweet Favorite
- Why Facebook Marketing Doesn't Work for GM. http://t.co/WN0RBkxa about 23 hours ago from TweetDeck Reply Retweet Favorite
- New and Improved SkyDrive Is a Threat to Dropbox. http://t.co/7pblpuQ7 01:58:01 PM May 16, 2012 from web Reply Retweet Favorite
@thetonybradley
Facebook

Tony Bradley on Facebook