| By Susan Bradley |
It’s no April Fool joke: Microsoft released an emergency Internet Explorer patch to plug holes in its beleaguered browser.
This is a patch you’ll want to apply as soon as you can.
One patch fixes 10 IE security vulnerabilities
Based on the information in Microsoft security bulletin MS10-018, anyone running a PC with all current versions of Windows and Internet Explorer should apply patch 980182. It ensures protection against several known attacks as well as some threats not publicly disclosed. Server administrators can wait until the next patch-Tuesday (April 13) round of Microsoft security updates.
This patch does protect PCs from the zero-day Internet Explorer 6 issue covered in security advisory 981374. For those running Internet Explorer 8, the security update also fixes a problem causing the browser to crash while using the SmartScreen filter, as noted in article 980344.
But if you think this out-of-cycle patch covers the security vulnerabilities found in last week’s CanSecWest security conference, you’d be wrong. (See today’s Top Story, “Security competition reveals browser flaws.”) At the conference’s Pwn2Own contest, a fully patched Windows 7 with Internet Explorer 8 was exploited.
As explained in the MSRC blog, Microsoft is still investigating how a contestant was able to bypass Windows 7’s Data Execution Prevention and the sandbox protections of IE 8.