
Yes, IE8 users, you need that new security update

By Ed Bott | March 30, 2010, 3:38pm PDT

Summary: Microsoft issued a security update for Internet Explorer today ahead of the normally scheduled release on Patch Tuesday, April 13. Out-of-band updates are relatively rare, and reserved for vulnerabilities that are being actively exploited. If you have Internet Explorer, here’s why you need it.

Microsoft issued a so-called out-of-band update for Internet Explorer today. In plain English, that means the update is being pushed out via Windows Update and Microsoft Update ahead of the normally scheduled release on Patch Tuesday, April 13. Out-of-band updates are relatively rare, and reserved for vulnerabilities that are being actively exploited.

If you’re using IE8 on any platform, including Windows 7, you need the updates described in Microsoft Security Bulletin MS10-018. If you heard otherwise, it’s understandable. Microsoft has issued some confusing public statements on this matter. Here’s a quick explainer.

According to the security bulletin:

This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6 Service Pack 1, Internet Explorer 6 on Windows clients, Internet Explorer 7, and Internet Explorer 8 on Windows clients. [emphasis added]

If you scroll down to the Affected Software section, you’ll see these two entries under the Internet Explorer 8 heading:

| Operating System | Maximum Security Impact | Aggregate Severity Rating |
|---|---|---|
| Windows 7 for 32-bit Systems | Remote Code Execution | Critical |
| Windows 7 for x64-based Systems | Remote Code Execution | Critical |

So why the confusion? In the blog post that provided advance notification of the fix, the Microsoft Security Response Center said:

MS10-018 resolves Security Advisory 981374, addressing a publicly disclosed vulnerability in Internet Explorer 6 and Internet Explorer 7. Internet Explorer 8 is unaffected by the vulnerability addressed in the advisory …

Indeed, IE8 is unaffected by that one issue. But MS10-018 is a cumulative update that also includes fixes for nine privately reported and previously undisclosed vulnerabilities in all versions of Internet Explorer, including IE8.

If you have Automatic Updates turned on, this should be delivered to you today or tomorrow at the latest. The update isn’t large, and a restart is required after installation, so if you don’t want an unexpected reboot, go get it now by checking Windows Update manually.


Ed Bott is an award-winning technology writer with more than two decades' experience writing for mainstream media outlets and online publications.

Disclosure

Ed Bott

Ed Bott is a freelance technical journalist and book author. All work that Ed does is on a contractual basis.

Since 1994, Ed has written more than 25 books about Microsoft Windows and Office. Along with various co-authors, Ed is completely responsible for the content of the books he writes. As a key part of his contractual relationship with publishers, he gives them permission to print and distribute the content he writes and to pay him a royalty based on the actual sales of those books. Ed's books written prior to fall 2011 have been distributed by Que Publishing (a division of Pearson Education) and by Microsoft Press. As of November 2011, Ed is a partner in the independent publishing company Fair Trade Digital Exchange, which exclusively publishes his books.

On occasion, Ed accepts consulting assignments. In recent years, he has worked as an expert witness in cases where his experience and knowledge of Microsoft and Microsoft Windows have been useful. In each such case, his compensation is on an hourly basis, and he is hired as a witness, not an advocate.

Ed does not own stock or have any other financial interest in Microsoft or any other software company. He owns 500 shares of stock in EMC Corporation, which was purchased before the company's acquisition of VMware. In addition, he owns 350 shares of stock in Intel Corporation, purchased more than two years ago. All stocks are held in retirement accounts for long-term growth.

Ed does not accept gifts from companies he covers. All hardware products he writes about are purchased with his own funds or are review units covered under formal loan agreements and are returned after the review is complete.

Biography

Ed Bott

Ed Bott is an award-winning technology writer with more than two decades' experience writing for mainstream media outlets and online publications. He's served as editor of the U.S. edition of PC Computing and managing editor of PC World; both publications had monthly paid circulation in excess of 1 million during his tenure. He is the author of more than 25 books on Microsoft Windows and Office, including the recently released Windows 7 Inside Out.

44 Comments

10 years - or so?
EraldK2 30th Mar 2010
We've been bombarded with MS insecurities for over 10 years. And the IT industry / pundits STILL doesn't get it?

MS is insecure by design, and dangerous to use.

Kind of sad that we put people on the moon decades ago, and we still have to endure this MS crap.
0 Votes
+ -
they'll never get it....
deaf_e_kate Updated - 30th Mar 2010
they spin more than a wind turbine in a hurricane to keep defending the cr*p.
0 Votes
+ -
need I say more.. happy
0 Votes
+ -
Contributor
Meanwhile
Ed Bott 30th Mar 2010
The 700MB+ update I downloaded for OS X today fixed 88 separate vulnerabilities. Some of them allowed exploitation simply by visiting a web site.

Just sayin'.
0 Votes
+ -
Oh really.
Intellihence Updated - 30th Mar 2010
My download for Snow Leopard was 482 Mbs. And as for the 88
vulnerabilities, where did you pull that from your hat? I went to the
APPLE KB site & noticed not all those patches were meant for Snow
Leopard. It was pretty much mixed, some for Snow leopard, some for
Tiger, & some for OS X Server. Mister Bott, it's high time you give it up
with your lies. 88 exploits for the Mac & never was I pwned. Unlike the
millions worldwide that were being affected by this MSFT exploit for
weeks, maybe even months. Again, MSFT is ReActive, whereas APPLE is
ProActive.

Mister Bott, your credibility with me, IS SHOT.
0 Votes
+ -
Same with you
Cylon Centurion Updated - 30th Mar 2010
http://blogs.zdnet.com/security/?p=5916

^ There is your information. He never said they were all for Snow Leopard.

"Apple today released one of its biggest Mac OS X security updates in recent memory, covering a whopping 88 documented vulnerabilities.

The Mac OS X v10.6.3 update, which is considered "critical," covers flaws that could lead to remote code execution, information disclosure and denial-of-service attacks."
0 Votes
+ -
But we both know the hackers don't pick on the 4 or 5% of market share the mac has when they can go after 90%. If Ed wasn't running the latest updates already it's conceivable his download could be larger. So please grow up, you sound like a 13 year old in a flame war.
I use and love my MacBook Pro, I think Snow Leopard is a great OS, but so is Win 7. Apple is known for taking its time fixing security flaws and you probably know it. A totally secure OS is probably a pipe dream at this stage, MSFT problems are compounded by a need for backward compatibility because of the enterprise specific apps which depend on components of Windows. Personally I'm happy OSX still has a fairly small market share, it makes the vulnerabilities it has less likely to be exploited.
who would've thought?

Um, if Apple was "proactive" they would have addressed the issues before they were issues, and no download to fix the issues would have been necessary, on Ed's or yours part...whether it's 700mb or "482mb" or whatever.

700mb or 482mb, that's a lot of other o/s's entire image sizes, and they're not in the news for fixing 88 vulnerabilities.

How credible is your "shot credibility" really?
0 Votes
+ -
Apple is slower to fix problems than MS
deaf_e_kate 31st Mar 2010
and MS is slow........
Choking on that Apple yet?
0 Votes
+ -
O RLY?
Sleeper Service 31st Mar 2010
"Again, MSFT is ReActive, whereas APPLE is
ProActive."

Is that why Charlie Miller used an exploit he'd known about for over a year to crack Safari in 2009?

Just sayin'.
0 Votes
+ -
Contributor
784MB
Ed Bott 31st Mar 2010
Here, see for yourself:

http://support.apple.com/kb/DL1017
0 Votes
+ -
can't we all just get along?
rroberto18 1st Apr 2010
ed:
the vast majority of your readers do NOT believe
you are on microsoft's payroll or a member of
any anti-apple cabal

to those few who fail to find your articles
unbiased, up-to-the-minute, essential news, why
do they read you or anyone else at zdnet in the
first place?

anger wins neither minds nor hearts
...misplaced anger even less so...

thank you for doing a great service...and for
calmly responding to personal attacks with
civility and facts
0 Votes
+ -
but we'll give you a "C" for attempted spin. Actually, upon further review we had to dock you a full letter grade since it was your article and you should have actually known what it was about. "D" it is.
0 Votes
+ -
Sure, simple...
jasonp@... 31st Mar 2010
Whenever the comparison is brought up in the reverse direction, the NBMers bet their ******* all in a twist. It's understandable that people want to be hypocritical about their religion, but it's also understandable for people like me to stand there and point it out when it happens.
... its rotten as well
0 Votes
+ -
Contributor
Replying to a Talkback
Ed Bott Updated - 31st Mar 2010
Sheesh. Can't you follow a thread?

The original comment said "We've been bombarded with MS insecurities for over 10 years." I pointed to another OS that will celebrate its 10th anniversary in less than a year and is still releasing frequent security updates: 88 of them just this week, in one humongous package.

Get it now?
0 Votes
+ -
Just sayin....
RealNonZealot 31st Mar 2010
...nothing that's ever been exploited in the wild.

Meanwhile, over the last decade or so, IE's flaws have fueled the entire
hacker/spammer/criminal cyber infrastructure.

I've been hearing this same silliness for 20+ years, and meanwhile all of
my Mac systems have enjoyed a low-maintenance virus-free, malware-
free existence, while we spent inordinate amounts of time and money on
licenses to protect them.

Just sayin.... happy
0 Votes
+ -
Try to spin it every time MS patches something,
but the fact remains.

Internet Explorer is still hit with far
fewer vulnerabilities than e.g. the
"secure" alternative, Firefox.

Chrome and Safari have not yet reached a market
share to attract the same level of scrutiny as
the two top browsers

With operating system, Windows Vista/7 are the
popular operating systems with the fewest
vulnerabilities. 3 times less than OSX and only
half those of Linux (kernel - not a full
distro).

So you were saying?

And just to set this straight: In this latest
patch, only 2 (two!) are for the newest
combination IE8/Windows 7. The rest is
distributed on various other combinations of
browser and operating systems, with IE6 on
WinXP being hit with the worst. I'd say that is
a testament to the attention MS has on security
as of lately.
0 Votes
+ -
"Hit" with fewer vulnerabilities?
mjpwall@... 31st Mar 2010
Could you define "Hit" in this context? as it may indeed have fewer
vulnerabilities, it would appear to me it is "hit" far more 99.999% of all
trojans, virus and other malware appears to "hit" the windows platform
does it not?
0 Votes
+ -
you get hit with exploits. If the vulnerability is too difficult to exploit or the payload of exploitation is minimal, who really cares? As an example, a vulnerability having an exploit vector that requires a physical presence and the only payload is to create a denial of service type outage is far less of a problem than a vulnerability that has an exploit vector which can be executed remotely and allows full system access. People just love to look at the world in black and white and ignore all the various other colors. Also, it's meaningless to count patches. A single patch can fix a single vulnerability or a hundred vulnerabilities. Count the vulns, not the patches and weigh the payload that can be achieved by exploiting the vuln. I know...this requires critical thinking skills and is therefore well beyond the ability of most people.
who "cannot grasp" ... the only difference is that you have an ego the size of Texas
0 Votes
+ -
So, what do you suggest?
wright_is 31st Mar 2010
I've been getting Linux patches for over a decade as well, and OS X patches since I bought an iMac and BSD patches... (I'm no Windows fanboy, but I don't delude myself that the other platforms I use on a daily basis are 100% error free and secure either. wink .)

Show me one operating system which is 100% secure...

The only 100% secure computer is one in a locked room, with no network connection and the power turned off...
0 Votes
+ -
need I say more happy
While I'm happy for Win Update to make IE even more secure, I haven't seen an exploit or virus for a long, long time. As soon as people stop running executable email attachments or going to dodgy sites and downloading game cracks and porn, then the exploits will stop too - ooh wait maybe that won't happen.

On the other hand in the real world, I got $1200 taken from my bank account by a skimmer attached to an ATM. Yes I should have noticed it, but these days they can look like part of the machine. So while social engineering seems like evolution in action, be watchful in the real world.
0 Votes
+ -
Most people don't know they are exploited
deaf_e_kate 31st Mar 2010
so ignorance of "being exploited" is not a defence
0 Votes
+ -
Exploits are sometimes hard to see.
savio.lau 31st Mar 2010
It just all depends on whether you end up running into a site that serves the exploit. Previously, people mostly run into issues when they serve into the darker side of the Internet. Nowadays, with advertisers serving malicious ads erroneously, nowhere is safe.

Besides, regarding this particular out-of-band patch, we have already seen spam email linking to the exploit in the wild:
http://www.sophos.com/blogs/sophoslabs/?p=9030

As a side note, not all malware is loud and obnoxious. Some just quietly sits in the background and happily steals your banking info. So, no recollection of running into an exploit does not mean that the attempt had not been tried. Overall, it's just better to be safe by patching your system and minimizing the possibility of getting into problems.

Savio Lau, SophosLabs Canada
My system installed the update last night. This morning all my documents, pictures and user files were GONE! I had to go back to a previous restore point. What is up with that? How could MS send out updates to destroy my life?
0 Votes
+ -
Contributor
Completely unrelated
Ed Bott 31st Mar 2010
Restore points do not save or affect your data at all. And this update simply replaced some files related to IE.

Most likely explanation is that your user profile failed to load properly on first reboot after the update. When you restarted after using System Restore, your profile loaded properly. Your files were always there.
0 Votes
+ -
Contributor
You miss the point completely
Ed Bott 31st Mar 2010
Why am I not surprised?
0 Votes
+ -
I really appreciate the article Ed!..
JCitizen 31st Mar 2010
I mean that. We all know how the trolls roll.
0 Votes
+ -
I know, I know.
rtk 31st Mar 2010
trolls roll when kicked, right?

wink
0 Votes
+ -
HAHA! For sure! ...:D
JCitizen 1st Apr 2010
laugh
0 Votes
+ -
How many Friggin Times must I Say This? "All Operating
Systems Are Susceptible To The Same Exploits As Windows.
Get It Through Ya'lls Thick Skulls Nothing Is 100%
Secure. Any Operating System Can Be Exploited Or
Compromised. Easily No Matter How Secure Or How well
Updated Your System Is.