Today is not the second Tuesday of December, so we didn’t expect that Microsoft was going to publish any security bulletins until 2009. But given the circumstances and the severity of this vulnerability, Microsoft had no choice but to release once again a bulletin, called MS08-078, out of the usual date.


If this vulnerability is exploited, it allows remote code to be executed without the user’s consent.

This vulnerability affects all the Internet Explorer versions from 5.01.



To sum up, it is a critical vulnerability as it is very easy to exploit and affects from Windows 2000 to Windows Server 2008 computers and all the versions of Internet Explorer. In fact, it can be stated that more than 6.000 URL are currently being used to exploit this vulnerability and distribute malware.

We strongly recommend you to install this patch immediately by following this link MS08-078.

In spite of the latest patches published out of the usual date, let’s hope that in the future these updates continue being released the second Tuesdays of the month.