Microsoft Security Bulletin: Alert - Critical Product Vulnerability

Microsoft has recently released a new out-of-band security bulletin MS08-078 (Security Update for Internet Explorer - 960714) to address a vulnerability in all currently supported versions of Internet Explorer.

This security update was released outside of the usual monthly security bulletin release cycle in an effort to protect customers and resolves a publicly disclosed vulnerability in Internet Explorer.

The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerability by modifying the way Internet Explorer validates data binding parameters and handles the error resulting in the exploitable condition.
This security update also addresses the vulnerability first described in Microsoft Security Advisory 961051.

Recommendations

Microsoft recommends customers prepare their systems and networks to apply this security bulletin immediately once released to help ensure that their computers are protected from attempted criminal attacks. For more information about security updates, visit http://www.microsoft.com/protect.