A New IE Patch from Microsoft
Microsoft, on 30th March, 2010, made an announcement stating that it would issue a security update for Internet Explorer (IE) in the emergency category. This update is designed to patch up any security gap that has taken place in the last few weeks. The update is, indeed, crucial in that sense. Microsoft is known for its zero tolerance attitudes towards a security breach lest that destroys its goodwill in the market.
The update is, in fact, an update that is out of the previously settled communication method of Microsoft. Microsoft generally issues updates like this once in a month and this time it is breaking that trend. It is worth mentioning contextually that Microsoft Corporation last dispatched a rush Internet Explorer update to its customers in the late January this year. It was intended to repair as many as eight defects in its browser application. Even, one of these defects had been manipulated by the hackers to attack the networks of several business corporations. These networks included those of even the giants like Google and Adobe. This has definitely been regarded as a potential threat to the safety reputation of MS Internet Explorer pretty decisively.
By means of an updated advisory, Microsoft has laid down that the patch is being released on an emergency basis to safeguard the security of the IE 6 and IE 7 users explicitly. As the corporation did in the month of January, this latest out-of-band update would patch rather more than only the zero-day. It would plug the critical holes that are being suspected to be there in every version of IE. The listing includes the most recent IE 8 too.
The security update has been designed according to not only the vulnerabilities that were exposed in the recent attacks, but also the privately reported susceptibilities of almost all the versions of the browser in discussion. This testifies the fact that the software giant has amply reflected on the security issues related to its web browsing software rather for a long time.
Microsoft first cautioned the users of some susceptibility in IE 6 and IE 7 on 9th March, 2010. Then it stated that the bug that was affecting the browsers in a limited way. The IE 5.01 was supposed to be immune to it, and the IE 8 was too regarded as safe. Also, the Microsoft Corporation described the attacks as targeted, which generally means that the threat entailed small-scale exploitations only. But within two days, the scenario almost turned upside down! Drive-by attacks in the form of Denial of Service and other attacks were spotted soon. These attacks were carried out through malicious sites, and a researcher from Israel had made public the exploit code on Internet.
In such circumstances, the very latest announcements have taken aback the researchers worldwide. The Chief Technology Officer of the security service provider Qualys, Wolfgang Kandek, said that he expected the patch would not be released so soon. This emergency patching rather unarguably signals to the possibility of greater security susceptibility. In other words, this means that the number of attacks and attempts of exploitation has amplified in the recent days. Andrew Storms, who is the director of nCircle’s security operations (Network Security), also gave a similar opinion.
Previously, in the month of February, Microsoft had cautioned the users of a bug that trenched in the Internet Explorer on Windows XP platform. Earlier in March, Microsoft again instructed those who used the browser that better they do not press the key “F1” in case a website prompted them to do so in the course of Internet surfing. In both the cases, Microsoft stated that the vulnerability allowed the PCs even to be hijacked altogether by a skilled hacker.
The IE update under discussion would be deployable in all the versions of Internet Explorer (from 5.01 to 8) and influence all the supported versions of Windows, including the latest ones like the Windows Server 2008 R2.