Internet Explorer out of band patch released, update now

Microsoft has issued security hot-fixes to patch a security vulnerability in Internet Explorer which saw Google fall victim to some targeted and sophisticated attacks recently.

The vulnerability came to light when Google disclosed that it had been targeted in a sophisticated cyber-attack. The breach, involving Internet Explorer 6, resulted in the theft of intellectual property. Due to the attack, and the background behind it, Google announced it will no longer be providing censored results for its Chinese Google search engine. Currently Google offers censored search results as part of an agreement with the Chinese government.

Microsoft has been busy working on a fix for the issues and decided an out of band patch was required. Whilst it's a rare decision these days, Microsoft could ill afford to wait three weeks until the next "patch Tuesday" on February 9.

Since the news of the un-patched flaw broke, Microsoft has been in damage-limitation mode. This week Microsoft began urging businesses and consumers to upgrade to Internet Explorer 8, explaining that its security benefits are far greater than those of Internet Explorer 6. Both the French and German governments warned their populations to cease using Internet Explorer due to the un-patched flaw. Currently the flaw exists in Internet Explorer versions 6, 7 and 8, but exploit code is only available for Internet Explorer 6.

Windows Desktop downloads:

Windows Server downloads:

Thanks to Steven Bink at Bink.nu for the news tip


34 Comments


This patch is breaking the redirection of our internal links, on any IE versions. Did anyone else notice anything like this?

If you have 64 bit, it'll only let you install the x64 patch, NOT the 32 bit patch. Even if you have the 32 and 64 bit version of IE.

14Mbyte is on average a ~20 second download for most people. If you can't be bothered to use a minute on security you might as well volunteer as a guinea-pig on the Russian-spam/virii forums.

PLEASE MICROSOFT:
Include an Auto-Updater for IE like FF: when IE starts, before doing anything it checks if there are any updates/new versions for IE, or if there are any plugins installed on it reported as malware, fixes that, then AFTER THAT starts.
Why the *** don't they wanna do that? It will fix them a hell of a lot of problems.

torrentthief said,
14mb for a security fix is crazy!

firefox 3.6 is only 8mb!

Firefox is standalone, where IE integrates into the actual OS.
And before you ask, I actually use Google Chrome as primary as a personal choice.

This was true some time ago, but Windows Vista and 7 can live quite independent of IE now. If what you're suggesting is true, then the OS would be vulnerable as well as the browser.

torrentthief said,
14mb for a security fix is crazy!
firefox 3.6 is only 8mb!

Keep in mind that on a 64-bit system there are two versions of IE to update (the 32-bit and the 64-bit versions). The 32-bit download is 7MB.

briangw said,
Where are the server links? C'mon, MS! Update your page already!

Do we not have an Edit button for these comments anymore?

I just saw that you guys updated the server information. Thanks!

briangw said,

Do we not have an Edit button for these comments anymore?

I just saw that you guys updated the server information. Thanks!


No problem. We do have an edit button but it times out fairly quick to stop people removing stuff they don't want mods to see.

Tom W said,

No problem. We do have an edit button but it times out fairly quick to stop people removing stuff they don't want mods to see.

Ahh, thank you. And great job with the site!!!!

radikaalis said,
Haha, IE is having hard times now. Hope there will be more and more bugs explored and published.

If you're #1, you're the biggest target.

radikaalis said,
Haha, IE is having hard times now. Hope there will be more and more bugs explored and published.

What a pointless comment. Having people's systems infected with malware is not a good thing.

radikaalis said,
Haha, IE is having hard times now. Hope there will be more and more bugs explored and published.

why do you hate IE?
because firefox is less secure?
(no sandbox, 120 flaws a year / vs 30 for IE)

have you got infected by 0day flaws in adobe reader or flash when surfing with firefox while your friends running IE didn't because they were protected by the sandbox?

XD

Nice to see such a prompt response. Hopefully this will get some people off Microsoft's back and also bring attention to the inexcusable crime of STILL running IE6 in this day and age.

empty said,
Nice to see such a prompt response. Hopefully this will get some people off Microsoft's back and also bring attention to the inexcusable crime of STILL running IE6 in this day and age.

Yep but also noticed they've also patched IE5. Whoever is still running those wants a brain transplant.

empty said,
Nice to see such a prompt response. Hopefully this will get some people off Microsoft's back and also bring attention to the inexcusable crime of STILL running IE6 in this day and age.

that's really fast!
only 7 days to build the patch, search for other related flaws and fix them, and test it on hundreds of versions of windows (100+ languages, dozens of versions of windows and their supported service packs, and test compatibility with thousands of apps to verify nothing is broken by the update)

last time there was a critical 0day attack hurting the latest version of IE, it was 4 years ago (the WMF exploit), and it took MS 12 days to build, package, and test the patch.

good to see that IE8 running vista and 7 have not suffered from this attack