Microsoft Issues Out Of Cycle Patch For Internet Explorer

Microsoft has hurriedly released a cumulative critical patch for Internet Explorer that irons out eight vulnerabilities including the one that was apparently used by Chinese hackers to attack Google and a number of other companies worldwide.

The eight flaws are described in a Microsoft security bulletin, MS10-002, and has been labelled as critical by the company.

They include an XSS filter bypass, four uninitialised memory corruption vulnerabilities, a URL validation vulnerability as well as a pair of HTML object memory corruption weakness.

All recent Microsoft browsers, from Internet Explorer 5.01 to Internet Explorer 8 are affected. Even obscure platforms like Windows Server 2008 for Itanium-based Systems will need to be patched.

The update is targeted at all customers that use any recent Windows operating system coupled as well as Internet Explorer. Even if you don't use Internet Explorer as your main browser, it is advisable to install the patch for peace of mind.

Those on automatic updates will get it automatically once it is released. Microsoft confirmed that it already knew about the problem and had initially planned to release the patch in its monthly "Patch Tuesday" session.

Arguably though, mounting pressures from a number of entities, including the French and German government, convinced Microsoft to think otherwise and proceed to the roll out earlier.

Our Comments

Microsoft has had to act quickly as there has been a number of copycat attacks in China that used the vulnerability. The onus is now on the users themselves to install the patches and make sure that their systems are up to date.

Related Links

Microsoft releases patch for IE hole

(Information Week)

Tim Berners-Lee unveils government data project


Microsoft fixes 8 IE holes, including one used in attacks


Bulletin MS10-002 Released

(The Register)

Microsoft Releases Fix for Hole in Internet Explorer, Encourages Customers to Install Update for “Improved Security”