Please read below carefully and ensure that you update your systems accordingly. As a SBSC and trusted IT professional, communicate this notice out further to your clients to ensure they are also protected.

This alert is to provide you with an overview of the new security bulletin being released (out-of-band) on December 17, 2008. Microsoft has released security bulletin MS08-078, Security Update for Internet Explorer (960714), to address a vulnerability in all currently supported versions of Internet Explorer . This security update was released outside of the usual monthly security bulletin release cycle in an effort to protect customers.

Executive Summary

This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerability by modifying the way Internet Explorer validates data binding parameters and handles the error resulting in the exploitable condition.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 961051.


Microsoft recommends customers prepare their systems and networks to apply this security update immediately, to help ensure that their computers are protected from attempted criminal attacks. Please visit to apply the security update.

New Security Bulletin Technical Details

  • Identifier MS08-078
  • Severity Rating This security update is rated Critical for Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 SP1, and Internet Explorer 7.
  • Impact of Vulnerability Remote Code Execution
  • Detection Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.
  • Affected Software Internet Explorer 5.01 (Windows 2000), Internet Explorer 6 (Windows 2000), Internet Explorer 6 SP1 (Windows XP and Windows Server 2003), and Internet Explorer 7 (Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008). For information about Internet Explorer 8 (Beta) please see the FAQ section of the bulletin.
  • Restart Requirement The update will require a restart only if the required files are being used. If this occurs, a message appears that advises you to restart.
  • Removal Information For Windows 2000, Windows XP, Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility. For Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
  • Bulletins Replaced by This Update None.
  • Full Details

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

Thank you,

Microsoft CSS Security Team



Thank you for reading...

Subscribe by RSS or

This posting is provided "AS IS" with no warranties, and confers no rights.