Update Sekuriti Terbaru Untuk IE8 & Windows XP

Bila Anda sudah menggunakan Internet Explorer 8 (IE8) dan Windows XP SP3, ada kumpulan update terbaru dari Microsoft...

Update ini kategori kritikal karena akan mengupdate kelemahan IE8 di fitur remote akses dan kebocoran sekuriti yang memungkinkan hacker menggunakan kode remote untuk mengacaukan sistem Windows.


General Information - Microsoft Security Bulletin MS09-054 - Critical
Executive Summary

This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Firefox users who are running the Windows Presentation Foundation (WPF) plug-in and do not have it disabled should also apply this security update. For more information regarding this issue, please see the FAQ section for HTML Component Handling Vulnerability – CVE-2009-2529.

This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses these vulnerabilities by modifying the way that Internet Explorer processes data stream headers, validates arguments, and handles objects in memory. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection under the next section, Vulnerability Information.

Recommendation. The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

0 komentar: