By Mark Joseph Edwards
Microsoft recently announced that a special, out-of-cycle patch would be released on Dec. 17 for Internet Explorer’s latest security vulnerability, the so-called XML exploit.
If you’d like to avoid similar weaknesses that are certain to be discovered in IE in the future, the simple solution is to use a different browser, such as Firefox, with a few easy customizations that allow you to switch to Microsoft’s browser only for sites that absolutely require IE.
If you haven’t yet patched IE to protect against the XML exploit, visit Microsoft’s December 2008 security advisory. This Web page, which began as an announcement of the Redmond company’s planned patch, changes automatically to information about installing the patch as soon as the fix is released.
WS contributing editor Susan Bradley reported on the dangerous zero-day exploit in her Dec. 11 Patch Watch column (paid content). The security hole affects many different builds of IE 5, 6, and 7 as well as the beta version of IE 8. Every recent version of Microsoft’s operating system is potentially affected: Windows 2000, XP, Vista, Server 2003, and Server 2008.
The Redmond software giant acknowledged on Dec. 16 that more than two million Windows users had already become infected via the IE flaw, according to an article by the Press Association. How many more people will get hit before the patch is widely distributed is anyone’s guess.