# Solved: Microsoft confirms that all versions of IE have critical new bug



## RootbeaR (Dec 9, 2006)

"In a revised security advisory, Microsoft said research confirmed that the bug is within all its browsers, including those it currently supports -- IE5.01, IE6 and IE7 -- as well as IE8 Beta 2, a preview version that the company doesn't support through normal channels.
Users running any of those browsers on Windows 2000, XP, Vista, Server 2003 or Server 2008 are at risk, Microsoft said.

Among those, said Eiram, was the belief that the vulnerability existed only in IE7 and was related to XML processing -- as some, including Secunia, first thought.

Also incorrect, or at least partly so, is the idea that setting IE's Internet security zone to "High" and disabling scripting will keep one safe from attack, added Eiram. "Technically no ... it is still possible to trigger the vulnerability," he said. "However, it does make exploitation trickier as it protects against attacks using scripting.""
http://www.computerworld.com/action...leBasic&articleId=9123338&intsrc=news_ts_head


----------



## new tech guy (Mar 27, 2006)

Another reason to use firefox and keep that patched up as well . I dont use noscript but honestly since i have converted users to it i have seen a serious reduction in infection issues.


----------



## Mumbodog (Oct 3, 2007)

Patched as of December 17, 2008

KB-960714

http://www.microsoft.com/technet/security/bulletin/MS08-078.mspx


----------



## new tech guy (Mar 27, 2006)

I run windows update so i should be good .


----------

