Few security scares have stirred up the IT community like this month's Internet Explorer zero day.
The root of the problem is the way the popular browser processes XML, a growing sore spot for the software maker. But its origins pale in comparison to the malware code that preyed on the bug before Microsoft could develop a patch.
Below you'll find some MS08-078 resources, download locations, and some background.
MS08-078 Downloads
Home users should be seeing an Automatic Update alert any minute now, if they haven't already. (To force an update, fire up IE and visit http://update.microsoft.com.)
Similarly, users of Windows Server Update Services (WSUS) will have their patch management tool updated by Microsoft in the same manner.
If you suspect that your machine has already been compromised, this article will point you to some computer forensics tools that you can download and use to rid your machine of the infection.
DIY administrators, testers and researchers will want to visit the MS08-078 bulletin page at TechNet. Finding the files takes a little doing, but there's a handy way of getting to them fast.
Naturally, since it affects several Windows operating systems and service pack levels, you'll have to select your setup(s) from several patches; there's no way around it.
There are two ways to go about it. The first is to visit the related Knowledge Base article, KB960714. Nestled in the ample documentation are tons of download locations in the Hotfixes section.
Or you can visit the Microsoft Download Center and, as per their suggestion, search for "security update". Sort by date and you're presented with a long list of updates (you're interested in the ones dated 12/17/08).
The Knowledge Base method is generally preferable, but at least there are options. Happy hunting!
What Happened?
Internet Explorer 5, 6 and 7 contain a flaw in the way that they handle XML that Microsoft is classifying as a "Pointer Reference Memory Corruption Vulnerability." In short, with a little know-how, hackers (of the black hat kind) can include some malicious code on a website or in spam and use it to transfer trojans and keyloggers onto a Windows system and build up their botnets.
The bigger issue, by and large, is that zero day code appeared in the wild. Zero day describes a situation where malware writers are taking advantage of a vulnerability that has yet to be publicly announced and/or acknowledged by the affected software's vendor, let alone patched.
That leaves the public to use workarounds like tweaking their browser settings (or using another browser for the time being) or trust that third parties will update their security suites to detect the new threats, which many do with varying degrees of success. Nonetheless, an official patch is always the preferable way to deal with a vulnerability.
Resources:
Microsoft Expands Zero-Day IE Warning
Amid Zero-Day Attacks, Microsoft Preps Critical IE Patch
Discuss: The IE7 Bug That Keeps on Giving
The Aftermath
The full impact of this vulnerability is yet to be determined, though early estimates put the number of affected sites at 6,000 and infected users in the two million range, depending on whom you believe.
Over at the Microsoft Security Response Center, they give us a clue as to how big of an update this situation turned into for the company.
Some customers that follow us closely, might know that saying "the update" is a bit misleading, as it is actually over 300 distinct updates for over six versions of Internet Explorer that apply to over 50 different languages. And despite this huge number of distinct updates, they're all being offered to customers automatically, regardless of their specific Internet Explorer configuration.
Puts things in perspective, doesn't it?
Resources:
Microsoft Patches IE, But Security Issues Remain
Finally, a word of advice: patch ASAP!
This article was first published on EnterpriseITPlanet.com.