
December Patch Tuesday includes urgent Internet Explorer update


Microsoft is urging its customers to pay particular attention to this month's security updates. A patch for Internet Explorer is the most urgent, but Windows and Office are also affected.

December sees the arrival of six new security bulletins from Microsoft, addressing a dozen issues with Windows, Internet Explorer and Office.

But it's the Internet Explorer flaw that has Microsoft worried. A statement from the Microsoft Security Response Center reads "Please apply the Internet Explorer update right away as it poses the most risk of all the bulletins due to severity and exploitability." [Their emphasis]

This is another 'browse and get owned' vulnerability - visiting a maliciously crafted web page can result in remote code execution.

The bulletin combines a critical severity rating with a maximum rating on Microsoft's exploitability index. Exploit code is already circulating for Internet Explorer 6 and 7, and Microsoft expects exploits for related vulnerabilities in other versions in the near future.

There is some reassurance that DEP (data execution prevention) makes the vulnerability harder to exploit, and is enabled by default for Internet Explorer 8 on XP SP3, Vista SP1 and later, Server 2008 and Windows 7. However, the underlying issue is still there, even though it is only regarded as being of moderate severity on those operating systems.

The Internet Explorer update also addresses four privately reported vulnerabilities.

While bulletins typically describe issues that are, if anything, more serious on older versions of Windows, there's an exception this month. A pair of privately reported vulnerabilities in the Internet Authentication Service that allow remote code execution are rated moderate on XP, important on 2000, Server 2003 and Vista, but critical on Server 2008. Windows 7 is not affected.

The other critical update this month concerns Project 2000 SP1, 2002 SP1 and 2003 SP3. A maliciously crafted Project file can cause remote code execution, potentially taking full control of the system.

The remaining updates have a maximum rating of important.