Microsoft's much anticipated security patch for Internet
Explorer is now available from the company's security
website. Users have been advised to download the patch via
Windows Automated Updated.
The MS08-078 patch can be applied to versions of Internet
Explorter from version 5.01 to Internet Explorer 8 Beta 2.
Microsoft urged users to apply this update after applying the
most recent cumulative security update for Internet Explorer. The
update, MS08-078, will be included in a future cumulative security
update for Internet Explorer, it said.
Christopher Budd, Security Response Communications Lead at
Microsoft, and Adrian Stone, Lead Security Program Manager at
Microsoft Corporation are due to present a webcast on the patch
later today at 7pm GMT.
Microsoft said the security hole was caused by an
"invalid
pointer reference" in Internet Explorer, which could enable a
hacker to access memory on the PC, which is used by the browser.
This memory could be used to install a remote application.
Microsoft said a user is logged on with administrative user rights,
an attacker who successfully exploited this vulnerability could
take complete control of an affected system. An attacker could then
install programs view, change, or delete data or create new
accounts with full user rights. Users whose accounts are configured
to have fewer user rights on the system could be less impacted than
users who operate with administrative user rights.
According to
Symantec, users in Asia were most affected by the
vulnerability.