


Internet Explorer zero-day vulnerability fix and more!

(Update added January 16, 2010: I noticed traffic to this entry increase dramatically a few days PRIOR to the announcement of ANOTHER, LATER, zero-day vulnerability in Internet Explorer [IE] that was used to attack Google and 33 other American companies, and BEFORE the German federal security agency issued a statement [in German] urging its citizens to use an alternative browser to IE until a patch arrives. Now I know why! :-) Sadly, there is no patch, at this time, for the latter vulnerability, for which exploit code has now been released to the Internet. Are you learning from this pattern yet? The Germans have. :-)

(Update added January 23, 2010: Microsoft released a “cumulative critical” patch for the “Google attack” flaw in IE, along with seven other “holes” in IE. :-) )

You can download a version of Firefox [Mac or PC] in an International edition that “speaks your language” here. You can download versions of Safari for Mac or PC here. I use both browsers, on Mac [I wasn’t “born yesterday” :-) ], at the same time. Most of my visitors on PC use Firefox. [Not an endorsement….])

Today Microsoft released fixes for critical vulnerabilities in Internet Explorer (IE), including one for which exploit code has already been released. The cumulative IE bulletin affects all major Windows versions including Windows 7 (which was recently also reported by Prevx to be susceptible to the “Black Screen of Death”), IE 6, IE 7, and IE 8.

The patch release follows another that, among many other things, fixed a critical hole in the Windows kernel.

The bulletins that were released affect Windows 2000, Windows XP, Vista (which Microsoft still reports to be susceptible to remotely triggered “Blue Screen of Death” attacks), Windows 7, Server 2003, Server 2008, Office XP, Office 2003, Project 2000, Project 2002, Office Project 2003, Works 8.5, and Office Converter Pack. Once again, patching holes in Microsoft products looks like a full-time job for a whole crew of people.

I am so happy that my company runs on Macintosh. I have neither the time nor the staff that would be required.

The cumulative IE bulletin should take priority, according to CNET, because the bulletin fixes five holes that could allow an attacker to remotely take control of a system in drive-by download attacks. The fix also addresses a problem with ActiveX controls built with Microsoft Active Template Library (ATL) headers that could allow remote code execution.

I will ask again, “Have ActiveX controls been major problems for their ENTIRE EXISTENCE?” :-)

CNET quotes Jason Avery, manager of the Digital Vaccine service at Tipping Point, which disclosed THREE of the IE holes through its Zero Day Initiative program, as stating, “Vulnerabilities in IE are generally pretty serious because all you have to do is go to a Web page or get referred to one” that has malicious code on it.

Another critical bulletin fixes holes in Windows Internet Authentication Service, and a third fixes a critical vulnerability in Microsoft Office Project.

According to Anthony Storms, director of security operations at nCircle, “What’s missing from today’s patch is the fix for an outstanding denial of service attack that affects Microsoft’s newest operating systems; Windows 7 and 2008 Server.”

As for all of the “lesser” vulnerabilities that were patched today, some of which were ranked “important,” you may refer to the CNET article, which provides an overview.

-Bill at

Cheshire Cat Photo™ – “Your Guide to California’s Wonderland™”

