Windows Secrets

Subscribers: Sign in

Enter your e-mail address to get a free subscription.
We guarantee your privacy
Skip to content
  • Home
  • Newsletter Archives
    • Current
    • LangaList Plus
    • Patch Watch
    • Wacky Web Week
    • Security Baseline
  • E-Books
  • Lounge
  • About us
    • Refunds
    • Privacy Policy
    • Advertise
  • Contact
  • Your Account
    • Upgrade
    • Preferences
    • Bonus Download
    • Unsubscribe
Home>Patch Watch>Critical update for Internet Explorer 7 and 8

Critical update for Internet Explorer 7 and 8
Tweet

Susan bradley By Susan Bradley

This month’s patches include a cumulative update for IE that plugs two holes allowing remote-code execution of malware.

Don’t wait to download and install this patch, which will likely be exploited by virus authors very soon.

MS09-002 (961260)
Protect IE against drive-by Web infections

There’s an unusual Internet Explorer patch among this month’s updates from Microsoft. Patching IE isn’t unusual, but patching only the newer versions 7 and 8 is. To download and install the patch for IE 7, visit the Microsoft Update site. If you use IE 8, browse to Microsoft Help and Support article 961260 and scroll down the page to find the update download. IE 6 users don’t need this patch.

The cumulative security update addresses two vulnerabilities that allow bad guys to plant malware on a site that downloads automatically when the page opens in your browser. I expect we’ll soon see this used in Web-based attacks, so if you use IE 7 or 8 while logged in a Windows administrator account — as many people do — you need to install this patch as soon as possible.

When I tested the patch, I didn’t have to do any additional tweaking to ensure that it worked with firewalls. If you encounter problems with the update, my standard guidance applies: before uninstalling the patch, try disabling and then re-enabling your antivirus software and review your firewall settings to ensure they aren’t blocking your browser.

You’ll find more information about the update in this Microsoft TechNet article.

960715
Time to kill off a few more ActiveX bits

If you download software from various vendor sites, you have likely received an ActiveX control for Akamai’s Download Manager program. The patch described in Microsoft Security Advisory 960715 disables this ActiveX control. The action was taken at the request of Akamai. When you return to an Akamai download location, you’ll be prompted to install the new ActiveX controls, as described in Akamai’s advisory. Installing the ActiveX kill-bit patch allows you to deactivate the bit without having to visit a site that uses the Akamai download app.

This article is part of our paid content. Subscribe.

Already a paid subscriber? Click here to login.

Related posts:

  1. Internet Explorer update problems
  2. Cumulative security update for Internet Explorer
  3. Cumulative patch for Internet Explorer
  4. More flaws emerge in Internet Explorer
  5. Internet Explorer 7: missing in action or not?
= Paid content

All Windows Secrets articles posted on 2009-02-12:

  • Top Story SiteAdvisor ratings may be 1 year out-of-date
  • Known Issues CNN.com’s use of Octoshape puts readers on edge
  • Wacky Web Week More fun than reporting on stock-market carnage
  • LangaList Plus Recover lost disk space by dumping dump files
  • Best Software What you should do about Windows Vista
  • Patch Watch Critical update for Internet Explorer 7 and 8
  •  Show all articles on a single page
Susan Bradley

About Susan Bradley

Susan Bradley is a Small Business Server and Security MVP, a title awarded by Microsoft to independent experts who do not work for the company. She's also a partner in a California CPA firm.
View all posts by Susan Bradley →
E-books

We’ve pored through years of back issues, picking the best tips, to create these ebooks:

E-book series
  • PC Maintenance Guide
  • PC Security Guide
  • Windows 7 Guide Vol 1
  • Windows 7 Guide Vol 2
  • Win XP Survival Guide
See the e-book series
Top-scoring articles in the past 12 months
  • Leaving long cookie trails throughout the Web 5.00
  • Windows-like security for Android devices 5.00
  • Win7′s no-reformat, nondestructive reinstall 4.53
  • The sorry tale of the (un)Secure Sockets Layer 4.42
  • RPV: Win7′s least-known data-protection system 4.33
  • Recovery: the last step in total data security 4.30
  • Time for a .NET update we can’t ignore 4.30
  • Getting the most from Windows Search — Part 1 4.25
  • Revising printing habits saves money and trees 4.25
  • Upgrades end in erratic, partial hangs 4.25
  • Pros and cons of a ‘keyfile’ password 4.21
  • Beating back Duku and a plethora of other threats 4.21
  • Office 2007 gets its final service pack 4.19
  • Putting Registry-/system-cleanup apps to the test 4.19
  • One year and 99 security bulletins later 4.18
  • 1.8TB external drive goes down hard 4.17
  • Don’t pay for software you don’t need — Part 3 4.16
  • Internet Explorer gets another round of patches 4.15
  • Is your free AV tool a ‘resource pig?’ 4.15
  • Vacation’s over; it’s a big round of patches 4.15
  • Remote access leads to remote attacks 4.15
  • Keeping you up to date: say no to .NET — again 4.14
  • Take control of Google’s privacy policy settings 4.14
  • Office File Validation patch leads to problems 4.14
  • The advanced system-recover toolkit 4.13
  • New “419″ scam involves PayPal and Western Union 4.12
  • Readers’ best personal-privacy tips 4.11
  • Getting the most from Windows Search — Part 2 4.11
  • Re-examining Dropbox and its alternatives 4.10
  • Don’t pay for software you don’t need — Part 2 4.10
Connect with us Follow us on Twitter Connect with us on Facebook View our RSS Feeds
  • Home|
  • Newsletter|
  • About Windows Secrets|
  • Advertise with us|
  • Unsubscribe|
  • Sitemap|
  • Affiliates|
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of iNET Interactive. All other marks are the trademarks or service marks of their respective owners.
iNET Interactive Copyright © 2011 iNET Interactive.
All rights reserved.
Terms of Use  |  Privacy Policy
Internet Services
  • Web Hosting Talk
  • HostingCon
  • Hosting Catalog
  • Host Voice
Web Development
  • Hot Scripts
  • DB Forums
Digital Marketing
  • ABestWeb
  • Search Marketing Standard
  • PayPerClickUniverse
  • SEMCompare
Consumer Tech
  • Windows Secrets
  • Overclockers
  • Mac Forums

Learn more about
advertising opportunities across the iNET Interactive Network.

LiquidWeb