News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Two more IE patches released: stick with Firefox, please

    Home Forums AskWoody blog Two more IE patches released: stick with Firefox, please

    This topic contains 7 replies, has 3 voices, and was last updated by  Liz 2 years, 7 months ago.

    • Author
      Posts
    • #59419 Reply

      woody
      Da Boss

      As I anticipated a few days ago, Microsoft has just released two Out of band patches and one security advisory for Internet Explorer. If you are runni
      [See the full post at: Two more IE patches released: stick with Firefox, please]

    • #59420 Reply

      Liz

      Hello
      Regarding these two patches.. I have a KB973346 which is an ‘Update for IE 8 Compatability View List for Windows Vista’ which came through on 14/7, and a whopping great 8MB KB972260 Cumulative Security Update for Windows Vista which came through just yesterday.
      Would these be the updates you are writing about?

    • #59421 Reply

      rc primak

      Liz —

      Read the SANS link in this posting. It gives oone KB Number and three MS09-xxx Numbers for the patches we are talking about here. The SANS report is one page and reads like plain English.

    • #59422 Reply

      rc primak

      P>S> Liz —

      Neither of the two KB Numbers you are asking about appears in the SANS Report.

    • #59423 Reply

      rc primak

      On a more general note, the ATL flaw is a typo in an Active X Control, according to a News Report at Infoworld.com. One extra “&” in the code. But a lot of software developers have used this flawed code, and Microsoft is not sure just how many products from Microsoft and other vendors may be affected. I guess we will just have to wait and see who patches what and how soon.

    • #59424 Reply

      Liz

      Hi rc primak
      I read the SANS link and installed the updates.
      They seem to have gone without a hitch.
      Thanks for your help!
      🙂

    • #59425 Reply

      EP
      AskWoody_MVP

      Using Firefox instead of IE is only part of the solution, Woody. They must also install the latest update to Adobe Flash Player as mentioned on Adobe Security Advisory APSA09-04.

      Woody, Liz and RC Primak: I would also recommend reading that Adobe security bulletin APSA09-04 and follow the instructions there.

    • #59426 Reply

      rc primak

      Thanks, EP.

      But Secunia PSI still reports that the latest Adobe Flash Player updater, outsourced from NOS Systems, is highly insecure (when used from IE, as it is an Active-X Control which sends the updates directly to the Windows Desktop, a known vector for malicious codes and scripts). So use Firefox when updating Flash Player or Shockwave.

      Also listed as insecure is Java Runtime (JRE). The best workaround here is to have anti-spyware with active browser shields, a good two-way firewall, and use Firefox with the NoScript add-on. Consider also the FF NoFlash add-on, and Better Privacy (to clear out so-called “flash cookies”, or Flash LSOs).

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Two more IE patches released: stick with Firefox, please

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.