MS11-050 being exploited – don’t use Internet Explorer! @ AskWoody.com

MS11-050 being exploited – don’t use Internet Explorer!

Posted on June 18th, 2011 at 06:52 woody 14 comments

Gregg Keizer at ComputerworldÂ reports that Symantec has seen targeted attacks in the wild that go after the hole just plugged this week by Microsoft’s MS11-050 security bulletin.

The hole affects IE 6, 7 and 8 – which is significant because IE 8 is widely thought to be relatively impervious to exploits. (I said “relatively”, yes?)

Anyway, you have four choices: Install IE 9 (which I’ve been recommending for months now); install MS11-050 [typo fixed - sorry - WL], which is another monster Internet Explorer patch; disable JavaScript; or use any browser other than IE (which I’ve been recommending for many years, eh?).

Windows Patches/Security Internet Explorer, June 2011 Black Tuesday, use-after-free
14 responses to “MS11-050 being exploited – don’t use Internet Explorer!”
1. rc primak June 18th, 2011 at 15:54
  
  woody,
  
  Greg Keizer works for ComputerWorld, not Infoworld.
2. flavet June 19th, 2011 at 07:54
  
  @Woody – I believe the MS11-058 reference in the body of this item should be MS11-050.
3. Jacquie June 20th, 2011 at 03:27
  
  Dear Woody,
  
  Am I remembering correctly – that WIN XP can’t handle IE 9? If not, how do you disable JavaScript?
4. rc primak June 20th, 2011 at 14:46
  
  Even though I use non-IE browsers (Firefox in the Win-XP laptop and Chrome in the Win-7 laptop) I have applied this patch in spite of the (possible) patching risks. The risks of not applying it now are too great, according to many reports. All other June patches remain on hold, as per AskWoody instructions.
5. Mordechai (Morty) Schiller June 20th, 2011 at 18:20
  
  Woody,
  Is this warning for the XP holdouts also?
  Morty
6. woody June 20th, 2011 at 21:33
  
  @Morty -
  
  Absolutely. There’s no reason to cling to XP, unless you have hardware or software that absolutely can’t work with Win7.
7. Dana Briggs June 20th, 2011 at 21:34
  
  Apply MS11-050 or MS11-058?
8. woody June 20th, 2011 at 21:36
  
  @Bob -
  
  True, but he publishes on both the ComputerWorld and InfoWorld sites. The two are inter-related, although I’m not sure of the exact relationship. “Sister publications” I think is the best term.
9. EP June 20th, 2011 at 23:49
  
  uh, woody, you do realize that there is also an MS11-050 security patch for IE9. look very carefully at MS security bulletin MS11-050.
  
  Those who use either Vista SP2 or Win7 will have to install IE9 AND install MS11-050 patch for IE9 (yes folks, there IS an MS11-050 patch for IE9! the first security update for IE9).
  
  Or, of course, use Firefox, Chrome or Opera.
10. rc primak June 21st, 2011 at 03:26
  
  OK on the Keizer employer issue. Still, I would apply these patches ASAP. And ONLY these patches.
11. Ron June 21st, 2011 at 05:30
  
  Woody since i have Xp Home Edition Sp3 Do i need this Patch an what is the KB No. For it i’ve tried to find it but haven’t came up with what i’m looking for. when i got the Tue. update it had 4 .net patches an 8 or 9 security patches for Xp an IE 8. an is possible to run IE 9 or is to much for what i’m running. Windows Xp Sp3 Home Edition 32 Bit. Thanks Ron.
12. woody June 22nd, 2011 at 21:40
  
  @Ron -
  
  IE 9 doesn’t work with XP. Just install and use Firefox or Chrome…
13. woody June 22nd, 2011 at 21:41
  
  @EP -
  
  Yes, you’re right…
14. flavet June 23rd, 2011 at 06:37
  
  @Woody
  
  Please see my earlier post, this item. There were two references in your original item that stated MS11-058. At that time there was no MS11-058, as far as I could find. I figured you would find that MS11-058 was not correct and that you would find that you used that term twice in the item. It appears that you corrected one of the citings, but not the second one. That could be even more confusing to newbies than the original item.
Leave a reply

Name (required)

Mail (will not be published) (required)

Website