Microsoft’s Christmas Greeting – A Security Patch for Internet Explorer
On December 17th, Microsoft released an emergency security patch for all versions of Internet Explorer. The patch is considered a critical fix for a current security flaw that has believed to have infected over 2 million computers.
The following version of Internet Explorer are affected:
- Internet Explorer 5.01
- Internet Explorer 6
- Internet Explorer 7
How Serious is the Flaw?
The flaw can be used to let attackers steal personal data such as passwords if a user visits a compromised Web site, of which at least 10,000 are thought to already exist. Thus far, the vulnerability has been used primarily for grabbing gaming passwords for black market sales. The hole could, however, potentially also be used to steal more sensitive information such as banking passwords and other private information. Definitely not a hole you want left unpatched for an extended period of time especially if you have been doing a lot of holiday shopping over the Internet.
Steps To Secure Internet Explorer
First, download the appropriate Microsoft security patch at the Microsoft Update site as well as at the Microsoft Download Center. It is always the best policy to obtain any hardware or software patches directly from the hardware or software vendor’s website instead of some unknown third party website. An unknown third party website purporting a hot patch fix is more likely than not also including unwanted extra baggage in their download in the form of malware resulting in ironically making your system even less secure than before.
After successfully applying the IE security patch, update the virus definitions on your antivirus software on your system. The virus definition date should be December 17th or later. Then run a full virus scan on your system to make sure nothing sneaked in during the period before you applied the security patch. If your virus scan comes back clean, then you can go on the Internet with confidence to finish any last minute holiday shopping.
More technical details are available on the Microsoft Technet website.