Another Black Eye for IE 5,6,7,8.

[Abarbarian]

http://www.tweaktown.com/news/12883/critical_patch_for_internet_explorer_released/index.html

"If you have not heard there is a pretty serious patch out for Internet Explorer. This patch is coming out of the normal cycle so it must be important."

The patch actually covers FOUR security holes see the MSB here.

http://www.microsoft.com/technet/security/bulletin/MS09-034.mspx?pubDate=2009-07-28

"This security update also resolves three privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights"

 

[muckshifter]

Launching Firefox, and simply going on with your lives, thinking you are unaffected won't help.

The problem announced this week, however, involves more than just IE.

Certain Cisco products that use Microsoft Active Template Libraries (ATL) and headers may be vulnerable to remote code execution. In some instances, the vulnerability may be exploited against Microsoft Internet Explorer to perform kill bit bypass. In order to exploit this vulnerability, an attacker must convince a user to visit a malicious web site.

Cisco will release free software updates for products that are affected by this vulnerability. Workarounds that mitigate this vulnerability are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090728-activex.shtml.

more at ... http://securityblog.verizonbusiness.com/2009/07/28/activex-risk/

Needless to say, everyone need to make sure they install these latest updates from MS