Internet Explorer vulnerability patch due tomorrow

As Neowin reported yesterday, the out-of-band security vulnerability patch will be released on January 21, 2010.  The security patch will address a remote code execution hole found in Internet Explorer 6, 7 and 8.

The vulnerability was unveiled when Google went public that they were targeted in a sophisticated cyber-attack. The breach, involving Internet Explorer 6, resulted in the theft of intellectual property. Due to the attack, and the background behind it, Google announced it will no longer be providing censored results for its Chinese Google search engine. Currently Google offers censored search results as part of an agreement with the Chinese government.

Microsoft has been busy working on a fix for the issues and has decided an out of band patch is required. Whilst it's a rare decision these days, Microsoft could ill afford to wait three weeks until the next "patch Tuesday" on February 9.

The update affects Microsoft Windows 2000, XP, Vista, 7, Server 2003 and Server 2008.

This update does require a restart.

Thanks to Sudo for the news tip!

Report a problem with article
Previous Story

Windows has a 17 year old un-patched vulnerability

Next Story

A brief history of technology

34 Comments

Commenting is disabled on this article.

Dumb question if a user is Running UAC on Windows 7 64bit with UAC settings being setup defaults, are those users still at risk

tunafish said,
Dumb question if a user is Running UAC on Windows 7 64bit with UAC settings being setup defaults, are those users still at risk

64bit versions of Windows are not affected

[quote=Odom said,]

64bit versions of Windows are not affected[/quote

All version are effected including 64bit of serves.

It's great that they're not leaving the hole open until at least February, but c'mon... the same people/companies running IE 6 are NOT going to update their computers with this patch.

More than half our company runs IE6 and I'll be sure to log an emergency change and roll this out asap. With some quick testing might have it done by the end of next week.

Odom said,
More than half our company runs IE6 and I'll be sure to log an emergency change and roll this out asap. With some quick testing might have it done by the end of next week.

so two weeks before something is finally done *slow clap*

Wouldn't want to find out that this untested update breaks all our other applications.

Maybe in your company you just deploy anything that is released on the spot without testing, but we run a greater risk and will incur more costs in deploying an untested patch if other things don't work anymore during the process.

sure to some ppl a restart costs major $..
but i still dont understand why people still want firefox to rule the world.. only because of one big flaw in IE? or because all the other flaws in IE?! every single browser test states that firefox is the absolute slowest browser of all..
so why all the ranting.. let them be.. theres no wonder anyway the IE has the biggest marketshare.. not only cuz its always on windows.. but because people actually use it!

x-tarek said,
every single browser test states that firefox is the absolute slowest browser of all..

Well I find that IE8 is slower on the same system that I use compared to FF, and I did do one of the javascript tests and it did backup my feeling.

x-tarek said,
sure to some ppl a restart costs major $..
but i still dont understand why people still want firefox to rule the world.. only because of one big flaw in IE? or because all the other flaws in IE?! every single browser test states that firefox is the absolute slowest browser of all..
so why all the ranting.. let them be.. theres no wonder anyway the IE has the biggest marketshare.. not only cuz its always on windows.. but because people actually use it!


"but i still dont understand why people still want firefox to rule the world.. "
You mean it doesn't?

Right on , MS!!

Edited by cork1958, Jan 21 2010, 9:18am :

duneworld said,

Well I find that IE8 is slower on the same system that I use compared to FF, and I did do one of the javascript tests and it did backup my feeling.

Every single test show IE8 to slower then any other browser. twice slower than firefox, 20 times slower than chrome.

i really think MS has gotten a really bad PR with all the undue & uneducated publicity it's received in the past week. hopefully this will put some rnd to all that.

Meh, if you want to stay secure just use the browser that isnt on top. Why is internet explorer always targeted by hackers? Because it is the most used browser and therefore has the biggest audience.

Once firefox rules the interwebz, im sure the same will happen to that. Its a neverending circle.

I suppose this is why Microsoft have bad press when it comes to security. Their almost perfect monopoly is causing them to be targeted the most.

Meph said,
I suppose this is why Microsoft have bad press when it comes to security. Their almost perfect monopoly is causing them to be targeted the most.

Microsoft has a significantly BETTER record on security then they are given credit for. It's the press that is the problem, actually. They're almost always quick to patch flaws and known exploits and do it often. their development process has improved a lot, and there are much fewer security holes being exposed now then in the past... The perception is they suck, doesn't make it true.

as for their "perfect monopoly" that...hasn't existed for a long time and arguably never really did... Was it operating as a monopoly and engaging in anti-competitive behavior? legally apparently so... but was it a "perfect monopoly"? get over yourself.

Edited by AgentGray, Jan 20 2010, 9:40pm :

AgentGray said,

Microsoft has a significantly BETTER record on security then they are given credit for. It's the press that is the problem, actually. They're almost always quick to patch flaws and known exploits and do it often. their development process has improved a lot, and there are much fewer security holes being exposed now then in the past... The perception is they suck, doesn't make it true.

as for their "perfect monopoly" that...hasn't existed for a long time and arguably never really did... Was it operating as a monopoly and engaging in anti-competitive behavior? legally apparently so... but was it a "perfect monopoly"? get over yourself.

+1

"This update does require a restart."
I was neutral about this news until that line.
Other than this line, I couldn't care less... it's now its a nuisance.

Spaceoff said,
"This update does require a restart."
I was neutral about this news until that line.
Other than this line, I couldn't care less... it's now its a nuisance.

I'm sorry, but a darn reboot isn't going to kill you...

I used like my uptime till I realized turning it off at night saved me nearly $15 a month.

Think would you pay someone to keep your uptime? Well thats what these uptime egos do.

PS not counting servers etc

stevember said,
I used like my uptime till I realized turning it off at night saved me nearly $15 a month.

Think would you pay someone to keep your uptime? Well thats what these uptime egos do.

PS not counting servers etc

for some ppl a restart could cost $
but i agree on turning it off at night, ive started doing the same

Neoauld said,

for some ppl a restart could cost $
but i agree on turning it off at night, ive started doing the same

Yeah my system running 12hrs a day for 30 days costs me about $14 a month to run... turning it off half the day definatly saves money

Spaceoff said,
"This update does require a restart."
I was neutral about this news until that line.
Other than this line, I couldn't care less... it's now its a nuisance.

A restart isn't that big a deal really... Sometimes they're unavoidable... I'd prefer a fix personally.

Spaceoff said,
"This update does require a restart."
I was neutral about this news until that line.
Other than this line, I couldn't care less... it's now its a nuisance.

in all due respects, if you're running Internet explorer 6 then you should be beaten without mercy. Get with the programme - it's 2009, upgrade Internet Explorer 8 already.