Archive for January 21st, 2010



Microsoft releases Emergency Patch for Internet Explorer Zero Day Flaw; Neither Admits nor Denies Anything

Today, Microsoft released Security Bulletin MS10-002, titled “Cumulative Security Update for Internet Explorer”. Although Microsoft has neither specifically acknowledged nor denied it, investigation to date by third-party computer giant McAfee and independent researchers has pinned blame for China’s alleged infiltration of Google’s network on this previously unmitigated (and apparently unknown) vulnerability. The bulletin’s Executive Summary states:

“This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

Affected versions of Internet Explorer include Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8. Affected Microsoft operating systems run the gamut from Windows 2000 SP4/Windows Server 2003 to the most current iterations, Windows 7/Windows Server 2008. Home users of Microsoft operating systems who have Automatic Updates configured should have the patch installed automatically. System and network administrators should test the patch prior to actual deployment, since the patch is too new to state with certainty that web-based applications dependent upon Internet Explorer will not be negatively affected.

In either case, this patch is a “must install” for all Microsoft users. Whether it was the Chinese Government or someone else trying to frame them, the vulnerability is a serious one that could ultimately be used to turn millions of Microsoft PCs into Botnet Zombies.

Source:

Microsoft Security Bulletin MS10-002 – http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx

Posted by Justin E. Gehrke - January 21, 2010 at 2:55 pm