Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Wednesday, 17 December 2008 08:09

Microsoft IE vulnerability to receive urgent fix Wednesday

By
Tomorrow, the 18th of December at 5am (Australian Eastern Standard Time), the 0-day security vulnerability that has embarrassed Microsoft into action will receive the urgently needed patch that will restore balance to the force and (temporarily) shut Linux zealots up.

After an Internet Explorer vulnerability was “accidentally” let loose onto the world the day before the most recent “Patch Tuesday” by the Chinese security researchers that discovered it, pressure has been building on Microsoft to urgently release a patch to fix the embarrassing problem.

Security researchers, companies, technology journalists, Mac fans and Linux zealots have all been as one in urging (or lambasting) Microsoft into fixing the problem quickly, shutting down an attack vector in place on thousands of websites that could allow “remote code execution” to take place on any computer running any recent version of Internet Explorer.

Although the attack is most likely to occur on sites offering pornography or pirate software, or other rogue sites (particularly in China), legitimate web sites have also reportedly been attacked by hackers to trap users who either wouldn’t normally go to unsavoury sites or who are avoiding them while the bug remains unpatched.

Microsoft had initially issued instructions on its “security page” to set Internet Explorer security settings to a higher level, while another common piece of advice on the Internet simply revolved around using Firefox or some other browser, either in perpetuity or at least until an official patch was issued.

Microsoft Australia has issued the following statement which closely mirrors statements issued by other Microsoft offices around the world, in response to the threat:
 
“In light of a recently discovered vulnerability in Internet Explorer that affects all versions and allows for remote code execution, Microsoft teams world wide have been working around the clock to develop a security update to help protect our customers and has just released the Advanced Notification Service advising customers that Microsoft will be providing a Security Update at roughly 5am, December 18th, to protect them from the vulnerability discussed in Microsoft Security Advisory 961501.

“To date, the impact on Microsoft’s Australian customers has been minimal and Microsoft is not advising Internet Explorer users to switch browsers.

“The Microsoft Security Response Center continues to monitor the threat landscape while working, and sharing information with, partners around the globe through the Microsoft Active Protections Program to help protect our mutual customers.”

Microsoft’s advisory and notification on how to protect your computer both now and importantly from tomorrow onwards when the patch is launched continues on page 2, as does information on software that would protect your banking transactions whether you are affected by the vulnerability or not... please read on.


Microsoft Australia’s statement continues: “Until the update is available, Microsoft strongly encourages customers to follow the Protect Your Computer Guidance at www.microsoft.com.au/security, which includes activating the Automatic Update setting in Windows to ensure that they receive the update as soon as it is available, enabling your firewall, ensuring your antivirus and antispyware is up to date. 

“Those who already have Automatic Updates enabled will receive the patch as soon as it is available, for those who do not have Automatic Updates enabled, Microsoft recommends visiting www.microsoft.com.au/security and clicking on Latest Security Updates Customers.

“They can also take additional precautions by setting their Internet Explorer security settings to “High” and using Internet Explorer 7 in “Protected Mode. 

“Microsoft is hosting a webcast to address customer questions on this bulletin on 17 December, 2008 at 1:00PM Pacific Time (US & Canada)/ 18 December, at 8:00AM AEDT (NSW, VIC, ACT).  (Tuesday in the US, Wednesday in Australia).

“Register now for the Out-of-band December Security Bulletin Webcast.

“After this date, this webcast is available on-demand.”

So, although it would have been a lot better had a patch been made earlier, a patch is finally on the way, well outside of Microsoft’s normal monthly “Patch Tuesday” schedule, to respond to the threat.

It’s also important for Mac and Linux users, and users of other browsers feeling smug about the issue that security vulnerabilities are regularly found and patched – even on Linux – and regularly updating your operating system/browser/software is vital, no matter what OS you use.

It’s also important to ensure your Internet security software is the latest version and is always set to update automatically.

It’s also worth buying and installing browser independent security software such as TrustDefender. This would shut down any banking Trojans that may have been loaded after unpatched exposure to an infected site, thus protecting your banking transactions even if your computer is otherwise infected to the gills with known or unknown malware – see details at TrustDefender’s site for more information.



Subscribe to Newsletter here

NEW OFFER - ITWIRE LAUNCHES PROMOTIONAL NEWS & CONTENT

Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.

POST YOUR NEWS ON ITWIRE NOW!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

These days our customers Advertising & Marketing campaigns are mainly focussed on Webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://www.itwire.com/itwire-update.html and Promotional News & Editorial.

For covid-19 assistance we have extended terms, a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Alex Zaharov-Reutt

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows. Visit Alex at Twitter here.

BACK TO HOME PAGE

ZOOM WEBINARS & ONLINE EVENTS

Channel News

VENDOR NEWS & VIEWS

REVIEWS

Comments

Guest Opinion