Today is not the second Tuesday of December, so we didn’t expect that Microsoft was going to publish any security bulletins until 2009. But given the circumstances and the severity of this vulnerability, Microsoft had no choice but to release once again a bulletin, called MS08-078, out of the usual date.
If this vulnerability is exploited, it allows remote code to be executed without the user’s consent.
This vulnerability affects all the Internet Explorer versions from 5.01.
To sum up, it is a critical vulnerability as it is very easy to exploit and affects from Windows 2000 to Windows Server 2008 computers and all the versions of Internet Explorer. In fact, it can be stated that more than 6.000 URL are currently being used to exploit this vulnerability and distribute malware.
We strongly recommend you to install this patch immediately by following this link MS08-078.
In spite of the latest patches published out of the usual date, let’s hope that in the future these updates continue being released the second Tuesdays of the month.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
