Top Nav

Microsoft Releases Security Update MS08-078 Out of Band [Security Alert]

Microsoft releases Security Updates on the 2nd Tuesday of every month.  In the “industry” it’s called “Microsoft Super Tuesday.”  I usually don’t talk about it much because it’s been happening for years and under most normal circumstances your Windows machine will Auto-Update using Windows Update or WSUS if you have a Corporate machine.

 

Once in a Blue Moon Microsoft will release a security patch “out of band.”  It’s only happened once this year (not counting yesterday’s release) so when they do it, it’s pretty serious.

 

So…that brings us to .  Yesterday, Microsoft released Security Updates for Internet Explorer 7 and Today for Internet Explorer 8 and Server 2008 SP2 Beta.

 

For a list of all the patches for all the various Windows Client and Windows Server Versions as well as x86 and x64, take a look at this link over at microsoftPost.

 

This release is particularly nasty because all you have to do is visit a Malicious Website which has the Exploit code OR visit a Website which has been hacked and is now running the Exploit code.  When you visit the site, the code will use the Internet Explorer Security Vulnerability and Tadaa. Your Machine is compromised.

 

As of yesterday afternoon, my source at Microsoft said they were “aware” of ~6000 websites which were hosting the malicious code (and growing.)  With that in mind, they pulled the trigger on the “out of band” patch.

 

To get updated, most users will only need to visit Windows Update and are MOST LIKELY already patched.

 

If you want to VERIFY that you have been patched:

Note: Screen Shots taken from Windows XP and IE7.

 

1.   Open Internet Explorer and Click Tools, Windows Update

Launch Windows Update from IE7

 

2.   Click Custom

Windows Update Website

 

3.   Verify or Check Radio Buttons on the Patches you want to install (KB960714 or MS08-078 in my Screenshot) and Click Review and Install Updates

How To Install Updates using Microsoft Update

Follow the prompts from there, and you should be golden.  The IE patch I mentioned above (MS08-078 or KB960714) requires a reboot so be prepared for that and Save any open documents or work you might have open.

 

Windows Vista is very similar however once you launch Windows Update from Internet Explorer, it will take you to a built-in Windows Update menu inside Windows Vista (there is no website like XP.)  From there, it’s very simple to get around and install the update process.

Windows Update Menu for Windows Vista

 

I hope that gets everyone on the right track!  HAPPY GROOVY PATCHING!

 

Tags: , , ,

More Reading:

, , , , , , , ,

2 Responses to Microsoft Releases Security Update MS08-078 Out of Band [Security Alert]

  1. Matt December 24, 2008 at 9:00 am #

    Thanks for the information! Now how do I find out or detect my machine was infected or not? I put in the ‘new’ patch, but since that first update I’ve been experieng problems. I want to make sure it isn’t from this patch?

    Thanks
    Matt P, IL

  2. MrGroove December 24, 2008 at 12:29 pm #

    Hi Matt,

    Yikes… Well, it’s a bit hard to say if your infected or not. Depending on the Virus / Malware Payload you “might” have caught before you were patched, each will have it’s own signature. Honestly, the ONLY way to check your box is to do a full scan on your machine using an Anti-Virus program with updated Signatures.
    Do you have AV installed? Try the scan and report back. In reagrds to the Update causing problems, what kind of problems?

    Feel free to post here but I would prefer if you post your issues in our Forum – http://www.groovypost.com/forum/. Comments on this Blog system is not the greatest for long conversations. 😉

Leave a Reply