bit-tech.net

Microsoft, Oracle release critical security updates

Microsoft's Internet Explorer is receiving an out-of-cycle patch today, while Oracle has also updated its Java software.

Microsoft is breaking with its self-imposed monthly patch cycle to address a serious security vulnerability in its Internet Explorer web browser.

Rather than waiting for the regular 'Patch Tuesday' - the second Tuesday of each month, when the planned updates and fixes are rolled out to customers - Microsoft has decided to issue an out-of-cycle patch, only done in critical scenarios, to address a remote code execution zero-day vulnerability in Internet Explorer which is being actively exploited by ne'er-do-wells.

The precise flaw that is being fixed is not being made public, in an effort to stem the flow of attacks against the vulnerability, but is thought to be related to a security advisory affecting Internet Explorer 6, 7 and 8 - but not Internet Explorer 9 or 10. While a work-around for that flaw, which allowed attackers to exploit the MSHTML shim in order to run arbitrary code in the context of the browser user, was released by Microsoft in the form of a 'Fix It' patch, this merely disabled the affected component rather than actually fixing the flaw.

For those running a later release of Internet Explorer, or any other browser, now isn't the time to get complacent, however: coinciding with the out-of-cycle patch for older Internet Explorer releases, Oracle has announced an update for its Java package that fixes a similarly serious security vulnerability. Java 7 Update 11 has been released to address a series of zero-day attacks against the popular package, which is often triggered via a plug-in in a web browser to run web applications.

The Java flaw is significantly more widespread than the Internet Explorer vulnerability, affecting any machine with Oracle's Java client installed - an estimated 850 million desktops and laptops around the world. The flaw was serious enough for browser makers, including Firefox creator Mozilla, to temporarily block Java from loading in order to provide some level of protection against attack.

For those who need Java, the update to Java 7 Update 11 is a recommended install - and if you're an Internet Explorer 6, 7 or 8 user, should be snagged alongside Microsoft's out-of-cycle patch, which can be installed through Windows Update as normal. Alternatively, consider upgrading to a newer release of Internet Explorer: both Internet Explorer 9, available for older versions of Windows, and the Windows 8-exclusive Internet Explorer 10 are not vulnerable to the flaw but still require the Java update.

11 Comments

Griffter 14th January 2013, 11:26 Quote
ai. a penny for every time there is an IE security problem article on this site alone...
RichCreedy 14th January 2013, 13:23 Quote
firefox and chrome have just as many flaws, in some cases more, but you don't hear about them as much
Griffter 14th January 2013, 15:49 Quote
do i really someone coming to the defense of IE???
Griffter 14th January 2013, 15:50 Quote
do i really hear someone coming to the defense of IE???
RichCreedy 14th January 2013, 18:52 Quote
there's nothing wrong with internet explorer, like ALL software, it has its flaws, and so long as you remember that and keep things up to date, it's a perfectly good browser.

anyone who says any other browser is safer is deluded, they may not have the same flaws, but they have flaws all the same.
schmidtbag 14th January 2013, 19:17 Quote
Quote:
Originally Posted by RichCreedy
firefox and chrome have just as many flaws, in some cases more, but you don't hear about them as much

Firefox and Chrome have DIFFERENT problems, I'd say mostly related to stability or hardware consumption than anything. IE today seems to be pretty stable but it's also only developed for 1 OS. AFAIK, not even Windows XP or Vista get the latest IE version. Chrome, FF, and Opera are supported on just about every platform. That's a lot more debugging to do. Every browser has its excuses. Firefox is open source and seems to have a bad management team, Opera isn't popular to gain a higher userbase (and therefore more developers or bug reporting), and Chrome is still pretty young and is working on new APIs. What's IE's excuse? Safari is probably the only browser that is what it intends to be without failure. Safari is by no means the best browser, I personally dislike it. But I don't really ever hear about stability, security, or incompatibility issues with it.
will_123 14th January 2013, 19:23 Quote
Quote:
Originally Posted by schmidtbag
Quote:
Originally Posted by RichCreedy
firefox and chrome have just as many flaws, in some cases more, but you don't hear about them as much

Firefox and Chrome have DIFFERENT problems, I'd say mostly related to stability or hardware consumption than anything. IE today seems to be pretty stable but it's also only developed for 1 OS. AFAIK, not even Windows XP or Vista get the latest IE version. Chrome, FF, and Opera are supported on just about every platform. That's a lot more debugging to do. Every browser has its excuses. Firefox is open source and seems to have a bad management team, Opera isn't popular to gain a higher userbase (and therefore more developers or bug reporting), and Chrome is still pretty young and is working on new APIs. What's IE's excuse? Safari is probably the only browser that is what it intends to be without failure. Safari is by no means the best browser, I personally dislike it. But I don't really ever hear about stability, security, or incompatibility issues with it.

That's a pretty well made argument. Well said son.
Star*Dagger 14th January 2013, 23:52 Quote
Anyone stupid enough to use IE deserves worse than a virus!!!
Griffter 15th January 2013, 09:08 Quote
Quote:
Originally Posted by schmidtbag
Quote:
Originally Posted by RichCreedy
firefox and chrome have just as many flaws, in some cases more, but you don't hear about them as much

Firefox and Chrome have DIFFERENT problems, I'd say mostly related to stability or hardware consumption than anything. IE today seems to be pretty stable but it's also only developed for 1 OS. AFAIK, not even Windows XP or Vista get the latest IE version. Chrome, FF, and Opera are supported on just about every platform. That's a lot more debugging to do. Every browser has its excuses. Firefox is open source and seems to have a bad management team, Opera isn't popular to gain a higher userbase (and therefore more developers or bug reporting), and Chrome is still pretty young and is working on new APIs. What's IE's excuse? Safari is probably the only browser that is what it intends to be without failure. Safari is by no means the best browser, I personally dislike it. But I don't really ever hear about stability, security, or incompatibility issues with it.

to my defense! :-) , i struggle to argue with ppl that protect IE.. mainly becos i really dont know where to start coupled with the fact that the person using IE is using it in the face of just ultra hard facts and an ozy eshop charging extra to users on IE cos of the hell he goes through optimizing it for IE... so what can i say new to convince them... thx! lol
RichCreedy 15th January 2013, 19:06 Quote
ok I should point out I use ie10, and if you really want to get into nitty gritty stuff on security of programs, secunia is a good place to start.

IE10
Chrome
Firefox
Gradius 16th January 2013, 02:01 Quote
IE? What is that? ;-) :p