The IT Nerd

Frequent readers will recall that I’ve mentioned a rather serious Internet Explorer bug recently that allowed an evil doer to potentially take control of your computer. Today, Microsoft released a patch for that issue that I strongly recommend that you download. The same patch fixes a bunch of other issues according to the security bulletin that was updated today. My advice is to hit Windows update and get this patch as there are apparently exploits floating around that leverage this bug.

If you really needed a reason to switch from Internet Explorer to something else, here’s one more to add to your list. Microsoft released a Security Advisory warning of a zero day bug with Internet Explorer 6 and 7. The bug could allow an attacker to take control of a machine if a user visited a malicious Web site:

The vulnerability exists due to an invalid pointer reference being used within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.

At this time, we are aware of targeted attacks attempting to use this vulnerability. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

If you want to protect yourself from this, run Internet Explorer 8. Or you can always switch to something else like Firefox.

Microsoft has begun to roll out the emergency patch that plugs that rather nasty Internet Explorer hole that has been linked to the recent Google hack via Windows Update and Microsoft Update. This security bulletin has all the details that you need to know.  I’m in the midst of installing this update now and I did notice that on my Windows 7 Ultimate VM it flipped the taskbar to the top of the screen after the update. Hmmm… Weird. If anybody else notices anything like that, please leave a comment.

Given the nature of this hole in IE, you should get this patch as soon as you can.

You might want to check Microsoft Update at 1PM EST tomorrow as Microsoft is planning on releasing a patch to that IE hole that I told you about yesterday. The software giant has posted a security note on the subject that has all the details. My advice would be to download the patch as soon as it’s available so that you’re protected.

Now if only Apple moved that fast to fix issues like this.

If you’re still running Internet Explorer, it may be time for you to switch to something else. Why? It now turns out that Internet Explorer helped to facilitate the attack on Google via a security hole in the browser. Microsoft has posted a security advisory on the issue:

Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are vulnerable.

However, the advisory goes on to say that they’ve only seen attacks using Internet Explorer 6. Therefore if you’re still running that version, you might want to upgrade to Internet Explorer 8 to protect yourself. That’s what France and Germany are suggesting that you do. Or you could just switch to Firefox or Chrome as the same security holes exist in IE 7 and 8. That means that attacks may appear for those browsers as well.

Let’s hope that a patch for this appears quickly as this isn’t a good situation.

Microsoft has posted Internet Explorer 8 on its website for those who want to update to the latest and greatest web browser from the evil empire. Although the fact that it was hacked shortly before its release may have you thinking if you want to run at all in the short term until some patches appear. But if it were up to Microsoft, their public relations sock puppets people would have you focus on the following:

In response to extensive customer research and input from tens of millions of customer sessions, Microsoft developed Internet Explorer 8 to focus on what matters most to people. The security enhancements offer protection against existing and emerging security threats online. It blocks two to four times more malware attacks than other browsers; cuts down on the time it takes to complete common tasks on the Web such as searching, mapping and sharing, including navigating 15 of the 20 top worldwide sites; and blurs the lines between the services they use daily and the browser used to access the Internet.

That seems to be validated by at least one reviewer who says that:

This latest version of Microsoft’s browser leapfrogs its closest competition, Firefox 3, for basic browsing and productivity features — it has better tab handling, a niftier search bar, a more useful address bar, and new tools that deliver information directly from other Web pages and services. IE8 has also been tweaked for security and includes a so-called “porn mode,” new anti-malware protection, and better ways to protect your privacy.

Hey, I’m all for things that make my life easier. Plus the “porn mode” is a handy thing to keep the missus from finding out about your love for bigbootygirls.com.

In any case, now that IE 8 is out I can now say “Let the browser wars begin!”

UPDATE: The Washington Post has a different view of Internet Explorer 8.