Critical IE 7 fix is now available

If you're running Internet Explorer (IE) 7, you can go get the critical patch Microsoft released on December 17 to thwart a serious security vulnerability discovered earlier this week.

Update: If you're running one of the IE 8 test builds, you still should patch your systems, as well.  Microsoft has made available versions of the patch for IE 8 and is telling individuals who obtained last week's private "IE 8 Partner Build" they should apply the patch, too. (The partner build number is 8.0.6001.18344.)

Microsoft said today's out-of-band IE patch applies to "over 300 versions of IE across more than 25 languages." The patch was developed in nine days and will be pushed out by the company's automatic patching mechanisms.

Here's the latest update from Christopher Budd, Microsoft security response communications lead:

"Today, Microsoft released security update MS08-078 which will address a new vulnerability allowing remote code execution in all affected versions of Internet Explorer products. Microsoft encourages all IE customers to test and deploy this update as soon as possible.

"At this time, we are aware only of attacks that attempt to use this vulnerability against Windows Internet Explorer 7. Our investigation of these attacks so far has verified that they are not successful against customers who have applied the security update. MS08-078 has a maximum severity rating of Critical for all versions of Internet Explorer.

"Microsoft is hosting two webcasts to address customer questions on this bulletin today at 1:00 PM PDT and Thursday, Dec. 18, 2008 at 11:00 AM PDT in the U.S. and Canada....After Thursday, this webcast is also available on-demand."

As of 10:00 AM PT on the 17th, the update was available through all standard security update management systems including, SCCM, SMS, WSUS, and Windows Update, a Microsoft spokesman added.