MS releases mother of all IE security patches - download "immediately"

[NicColt]

The Register's article

Which the firm says is a "critical" security precaution against crackers which should be applied "immediately"

You can get it from WindowsUpdate.com or read all about it and download it from Microsoft.com/IE site

Why, well according to Microsoft....

"Impact of vulnerability: Run code of attacker?s choice. "

"Recommendation: Customers using IE should install the patch immediately" Well d'uh...

Hope this helps.

 

[corkyg]

That patch has been part of XP's critical updates posted by M$ for the past 4-5 days.

 

[rh71]

So if we're still running IE5.0 SP2, we are SAFE? All it ever asks us to do is "update to the latest" but that doesn't say if we can keep the older stable 5.0 version and still be safe.

 

[NicColt]

It only affects 5.5 sp2 and higher. BTW I just went to windowsupdate and it didn't pick it up so I had to download it manually.

BTW I have win2K and IE6.

If you want to know if you have the patch just click on help/about and Update Versions and it's Q313675 if you don't have that one then you can manually d/l it and install it.

 

[SWScorch]

thanx for the notice... downloading now

 

[kaytwo]

Umm, I did windows update "scan" in XP, and this didn't show up. I've also been choosing not to install the Messenger update, but I doubt that would have anything to do with it; I installed the patch manually. Anyone else have this issue in XP?
k2

 

[Logix]

Hmm... when I run Windows Update, I don't see the update listed. I have Win2K with IE6.

Thanks for the heads-up.

 

[NicColt]

"The Inquirer reports that the patch Microsoft made available may not offer enough protection against hackers breaking into systems remotely. The FBI says that users of the WinXP OS should also switch off Universal plug'n'play to further add protection against the "cavernous" hole exposed last Thursday."

"It's obviously more than just the service. Something else is clearly handling the NOTIFY message and the system then starts the service or the service has nothing to do with it. If it was default/off/whatever then they wouldn't be this worried about it."

Dude there's something more going on here that MS is letting out. If it's disabled or off by default then why the big fuss. ??? there's something bigger here.

 

[rbV5]

<< The FBI says that users of the WinXP OS should also switch >>



Good grief, we're relying on the FBI for computer security advice now...Puleeeesee!1

 

[manly]

<< So if we're still running IE5.0 SP2, we are SAFE? All it ever asks us to do is "update to the latest" but that doesn't say if we can keep the older stable 5.0 version and still be safe. >>



Nope.

M$ is forcing anyone below IE5.5sp2 to upgrade.

 

[NicColt]

According to the Register - "US Defense Department and FBI officials contacted Microsoft on Friday to express their concern over the recently-disclosed security bugs affecting all versions of Windows, the Associated Press reports. The Feds were particularly concerned that the bug gives up root on Win-XP, ironically touted as the most secure Windows OS ever developed, the wire service says."

Dudes for the DD and the FBI to 'contact' MS for a bug in the OS is amazing. there has to be WAY more to this than just a bug or a hack. and it has to be way more severe than what we think.