Hi Folks
Here is a critical patch release for Internet Explorer. Below given is the description of the issue as described by secunia security advisory.
Description : A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error in the handling of redirections for URLs with the “mhtml:” URI handler. This can be exploited to access documents served from another web site.
Technical Explanation from MS (Bulletin MS08-078 – Critical)
A remote code execution vulnerability exists as an invalid pointer reference in the data binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object’s memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.
An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
Microsoft has released the fix for the reported IE Security hole. You can deploy these latest critical patches to your network using Desktop Central Patch Management.
http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx
Above mentioned URL has the information about the fixes and other details. Desktop Central supports the deployment of all the 18 patches. You can update you vulnerability Data Base through DC and do a scan to deploy this critical patch. Since its a Critical patch, lets patch it immediately and with ease through DC.
Merry Christmas.
cheers
Romanus
