Tuesday, December 16, 2008

Critical bug in Microsoft Internet Explorer reported (whats new?)


Computer World is reporting that all current versions of Internet Explorer (6, 7, and Beta 8) have a critical bug. They story by Gregg Keizer is here. Arlington Virginia's emergency warning network sent out this cyber alert this morning!

The Microsoft Security advisory 961051 is here. Microsoft characterizes the vulnerability as “an invalid pointer reference in the data binding function of Internet Explorer”. The concept of “bind” is similar to that on the mainframe familiar to DB2 users.

Some security experts recommend disabling “oledb32.dll” if one continues using IE, until there is another security fix this month.

A DLL (dynamic link library) is an executable file that permits programs to share code to execute common functions. There is a writeup on removing dll’s on the Spyware Remove database here. Wikipedia’s discussion is here.

A few applications require Internet Explorer and don’t run on other browsers. One example is Netflix’s movie viewer. Some companies offering work-from-home customer support jobs require the use of Internet Explorer specifically. These are all issues, as other browsers like Mozilla ought to be acceptable in these circumstances.

Yahoo! Tech has a more alarming story on Dec. 17 (by "Christopher Null"), with computer experts warning that a new wave of fraud is inevitable in Microsoft doesn't patch this problem quickly. Use any other browser, they say. It's probably not wise to use IE right now with any application requiring logon with password (like a banking site). Hopefully, Microsoft will have a patch in a few days, but this sounds like a difficult fix.

They don't use the word "Microslop" for no reason!

Update: Dec. 18, 2008

Microsoft pushed a fix to IE this morning. It took about one minute to install. It looks like it replaced a few DLL's. A restart was required. (Microsoft also pushed a fix to Real Player.)

No comments: