Install MS’s out-of-cycle patches for IE, apps

Susan bradley By Susan Bradley

Two emergency updates released by Microsoft this week correct flaws in Internet Explorer and potentially dozens of third-party programs.

One of the patches is intended primarily for use by application developers, but how far the threat to apps extends — and how many end users will be affected — is not yet clear.

MS09-034 (972260)
Apply this Internet Explorer patch today

This week, Microsoft released security bulletin MS09-034 without waiting for the next scheduled Patch Tuesday on Aug. 11. According to the Redmond company, this patch is rated “Critical” for IE 6/7/8 on XP and IE 7/8 on Vista. (While the Windows 7 release to manufacturing (RTM) version is unaffected by the problem, the Windows 7 release candidate does requiring patching.)

You may already have applied “killbits” from Microsoft security bulletin MS09-032, which was released on this month’s regular Patch Tuesday, July 14. In theory, these killbits should protect you against certain ActiveX exploits already circulating on the Internet.

Microsoft’s Security Research & Defense blog recommends that you retain the killbits, if you did install them, and also apply this week’s update. The group says this will provide an added layer of “defense in depth” patches.

On the other hand, if you haven’t yet applied the MS09-032 update, installing this week’s out-of-cycle patch means you don’t have to install the previous one.

This article is part of our premium content. Join Now.

Already a paid subscriber? Click here to login.

= Paid content

All Windows Secrets articles posted on 2009-07-30:

Susan Bradley

About Susan Bradley

Susan Bradley is a Small Business Server and Security MVP, a title awarded by Microsoft to independent experts who do not work for the company. She's also a partner in a California CPA firm.