Media Advisory: Security update relating to current Internet Explorer vulnerability
19 January, 2010 | Sydney, Australia
Microsoft strongly recommends customers who are using Internet Explorer 6 or 7 upgrade to Internet Explorer 8 (IE8) to help mitigate the current security vulnerability. IE8 can be downloaded from www.microsoft.com/windows/downloads
Late last week Microsoft issued an advisory relating to a vulnerability in Internet Explorer that has been associated with the recently publicised attacks against Google. (This information is contained in Security Advisory 979352.)
By way of further background, Microsoft is only seeing a very limited number of targeted attacks against a small subset of corporations and the attacks that we have seen to date are only effective against Internet Explorer 6. We are not seeing any widespread attacks and thus far we are not seeing attacks focused on consumers.
That said, we remain vigilant about this threat evolving and want to be sure our customers take appropriate action to protect themselves.
Microsoft strongly recommends that customers using Internet Explorer 6 or Internet Explorer 7, upgrade to Internet Explorer 8 as soon as possible to benefit from the improved security protections it offers. Microsoft also recommends that customers using Windows XP SP2 upgrade to Windows XP SP3.
It is important to note that all software has vulnerabilities and switching browsers in an attempt to protect against this one, highly publicized, but currently limited attack can inadvertently create some false sense of security. Moreover, IE8 has other built-in security protections, such as the SmartScreen filter, that other browsers do not have that protect against real consumer threats, such as socially engineered malware and phishing attacks.
We also recommend customers review the information in the Advisory and switch Automatic Updates on to ensure they receive the security update as soon as it becomes available. Guidance on how to switch Automatic Updates on can be found here: www.microsoft.com/security.
Our teams are working around the clock worldwide to develop a security update for broad distribution to address this vulnerability. We will advise as soon as this update becomes available. Should we see any change in the threat landscape, we will update you as soon as possible, or otherwise provide you with daily updates here at the MSRC blog.
Listen to and download sound bites from Microsoft Australia’s security expert, Stuart Strathdee, here:
For more information or to conduct an interview, please contact:
Joanna Kramer
Microsoft Australia
0408 466 410
Ben Tan
Microsoft Australia
0418 488 827
Tags: Security Essentials