bit-tech.net

MS issues emergency IE patch

MS issues emergency IE patch

The latest patch for Internet Explorer - released out-of-cycle today - fixes a range of security issues.

Microsoft has broken its traditional monthly patch release cycle - fondly known by sysadmins around the world as 'Patch Tuesday' - to release an emergency fix for a zero-day vulnerability in its Internet Explorer web browser.

The flaw - which, according to CNet doesn't affect users running Internet Explorer 8 or Windows 7 - allows remote attackers to take full control of a target machine simply by directing users to a malicious website.

With the flaw under active attack, Microsoft has ditched its usual release cycle in order to get the fix out as soon as possible - and it's a pretty big fix, repairing as it does nine holes in Internet Explorer including the one currently being exploited by hackers.

While the release of an out-of-cycle patch can be good news for end-users - who receive the security update as quickly as possible - it can be a headache for corporate IT departments, who are suddenly faced with the need to test a patch for emergency deployment with little warning or allow it to roll out without adequate testing in order to protect their users from attack.

Although the current attacks only affect versions of Windows prior to Windows 7 and Internet Explorer 6 and 7, all users are advised to install the patch as it fixes additional vulnerabilities which could lead to attacks on newer versions of Microsoft's software.

The patch is available from today via Windows Update.

Are you pleased to see that Microsoft is willing to veer from its patch release schedule if the problem is serious enough, or are you not looking forward to the headache of an out-of-cycle patch? Share your thoughts over in the forums.

20 Comments

Discuss in the forums Reply
Fizzban 30th March 2010, 14:19 Quote
You mean there are still people who actually use IE?
Zayfod 30th March 2010, 14:37 Quote
it can be quite hard not to, what with it being integrated into Windows and all.
proxess 30th March 2010, 14:44 Quote
Get up, patch up! Don't give up the fight! Get up, patch up! Finally doin' it right!
Bauul 30th March 2010, 14:44 Quote
Quote:
Originally Posted by Zayfod
it can be quite hard not to, what with it being integrated into Windows and all.

True, even the recent Choose Your Browser application ran in IE.
tripwired 30th March 2010, 14:47 Quote
Quote:
Originally Posted by Fizzban
You mean there are still people who actually use IE?

It's hard to break away from Internet Explorer with bespoke software (designed with only IE support in mind) used in a lot of companies. Our booking system at work only functions inside IE6 or IE7, I'm still waiting on them to implement IE8 support, nevermind Firefox or Chrome :(
Fizzban 30th March 2010, 14:49 Quote
Quote:
Originally Posted by Zayfod
it can be quite hard not to, what with it being integrated into Windows and all.

It was meant with a little humour. Also I don't think its hard not to use it. Whenever I do a new windows install I have everything I need on another HD ready to go..including a Firefox.exe. And even if you need to use IE to download another browser..you use it for all of, what? A minute?
Quote:
Originally Posted by tripwired
It's hard to break away from Internet Explorer with bespoke software (designed with only IE support in mind) used in a lot of companies. Our booking system at work only functions inside IE6 or IE7, I'm still waiting on them to implement IE8 support, nevermind Firefox or Chrome :(

You have my condolences then. I avoid IE like the plague.
tad2008 30th March 2010, 15:06 Quote
My main browser of choice has become Chrome, although it took me a while to get used to it's bare bones look. I only use Firefox now when I have the need to make use of specific plug ins. IE 8 very rarely see's the light of day except on those rare occasions when something simply doesn't work in either of the other two.

Opera has always had it's appeal, but for some reason I have never really been able to gel with it. With Chrome, my only real niggle is that when it is not full screen that it does not like being right up against the edge of the screen.
Omnituens 30th March 2010, 15:29 Quote
Also you have to remember that some apps use IE within them - for example Steam uses 32-bit IE.
Psy-UK 30th March 2010, 15:34 Quote
Thankfully, the Steam 2010 UI beta uses Webkit.
Shagbag 30th March 2010, 18:09 Quote
Quote:
While the release of an out-of-cycle patch can be good news for end-users - who receive the security update as quickly as possible - it can be a headache for corporate IT departments, who are suddenly faced with the need to test a patch for emergency deployment with little warning or allow it to roll out without adequate testing in order to protect their users from attack.

Or they could just bite the bullet and switch to Firefox, Opera, etc. and avoid the future 'headaches'.
Farfalho 30th March 2010, 19:38 Quote
Quote:
Originally Posted by Fizzban
Quote:
Originally Posted by Zayfod
it can be quite hard not to, what with it being integrated into Windows and all.

It was meant with a little humour. Also I don't think its hard not to use it. Whenever I do a new windows install I have everything I need on another HD ready to go..including a Firefox.exe. And even if you need to use IE to download another browser..you use it for all of, what? A minute?
Quote:
Originally Posted by tripwired
It's hard to break away from Internet Explorer with bespoke software (designed with only IE support in mind) used in a lot of companies. Our booking system at work only functions inside IE6 or IE7, I'm still waiting on them to implement IE8 support, nevermind Firefox or Chrome :(

You have my condolences then. I avoid IE like the plague.

-1
PingCrosby 30th March 2010, 21:03 Quote
But I love Internet Explorer...its like a lovely big bag of chips soaked in salt and vinegar...mmmm and with scraps too.
macroman 30th March 2010, 23:26 Quote
From an IT professional view, random updates are nothing more than a slight inconvenience. Any business with any thought towards protecting itself will be using tools such as WSUS or Altiris etc to protect itself. so no news here. Move along.
Ataraxia 31st March 2010, 05:42 Quote
Quote:
Originally Posted by macroman
From an IT professional view, random updates are nothing more than a slight inconvenience. Any business with any thought towards protecting itself will be using tools such as WSUS or Altiris etc to protect itself. so no news here. Move along.

this is pretty much true. i've had instances where an official update has caused problems other than what it is supposed to fix but those have been quite rare. Not applying a patch is almost certainly worse than applying it. Large scale operations are always better testing patches against their own setup before wide scale deployment but that is a given, security updates are best applied as soon as is viable.
Star*Dagger 31st March 2010, 07:35 Quote
IE = Idiots Explorer
isaac12345 31st March 2010, 09:11 Quote
Glad to know Microsoft's taking extra effort for serious patches.
Nedsbeds 31st March 2010, 09:42 Quote
Quote:
Originally Posted by Shagbag
Quote:
While the release of an out-of-cycle patch can be good news for end-users - who receive the security update as quickly as possible - it can be a headache for corporate IT departments, who are suddenly faced with the need to test a patch for emergency deployment with little warning or allow it to roll out without adequate testing in order to protect their users from attack.

Or they could just bite the bullet and switch to Firefox, Opera, etc. and avoid the future 'headaches'.
You're joking right!? You can't open firefox without it doing more bloody updates.
Pookeyhead 31st March 2010, 09:50 Quote
It takes a few seconds, and you're always up to date. I see no problem with the frequent updates.
Shagbag 31st March 2010, 13:21 Quote
Quote:
Originally Posted by Nedsbeds
You're joking right!? You can't open firefox without it doing more bloody updates.
I've never experienced anything like that, despite having my options set for automatic updates. Maybe a case of YMMV.
crazyceo 1st April 2010, 09:56 Quote
WELL DONE Microsoft and the IE team for dealing with this problem of the worlds best and favourite web browser for its happy users.

IE8 is by far the best browser available today and I see no genuine reason to change to another one.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums