Microsoft releases critical Internet Explorer patch

By on December 17, 2008, 2:44 PM
Microsoft has just issued an out-of-band security update to fix a critical vulnerability in its Internet Explorer web browser that is being actively exploited. The flaw, which affects all versions from IE 5 to IE 8 Beta 2, lies in the browser’s data binding function and is being actively exploited since last week through specially-crafted web pages.

Although attacks have reportedly been limited, security experts warned that if carried out successfully, it could give an attacker the same user rights as the local user and ultimately the ability gain access to sensitive data. Microsoft is urging users of IE to download and apply the patch as soon as possible via the Windows Update mechanism. This marks the second time in only two months that the company has released a security patch outside of its monthly cycle, following one in October which addressed a dangerous remote procedure call (RPC) error that could result in remote code execution.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.