Microsoft's much anticipated security patch for Internet Explorer is now available from the company's security...
website. Users have been advised to download the patch via Windows Automated Updated.
The MS08-078 patch can be applied to versions of Internet Explorter from version 5.01 to Internet Explorer 8 Beta 2.
Microsoft urged users to apply this update after applying the most recent cumulative security update for Internet Explorer. The update, MS08-078, will be included in a future cumulative security update for Internet Explorer, it said.
Christopher Budd, Security Response Communications Lead at Microsoft, and Adrian Stone, Lead Security Program Manager at Microsoft Corporation are due to present a webcast on the patch later today at 7pm GMT.
Microsoft said the security hole was caused by an "invalid pointer reference" in Internet Explorer, which could enable a hacker to access memory on the PC, which is used by the browser. This memory could be used to install a remote application. Microsoft said a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs view, change, or delete data or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
According to Symantec, users in Asia were most affected by the vulnerability.