Microsoft keeps calm, issues emergency IE update

'Classic example of incident response,' argues security professional

By , Computerworld |  Security, Internet Explorer, Microsoft

Because Microsoft patched only the one zero-day vulnerability, said Storms, it's probable that next month's Patch Tuesday will include a wider-ranging IE update. "We do need to remember that its very likely we will still have a regular IE update in February," Storms said. "So just as soon as we are done getting this bad boy distributed, there will be another update waiting."

One possible sticking point with today's emergency patch is that it is not a cumulative update, or one that includes all past IE patches, as is the norm for IE. Users must also apply last month's MS12-077 to be up-to-date, and according to Microsoft, to avoid problems down the road.

"Customers who have not installed the latest cumulative security update for Internet Explorer [MS12-077] may experience compatibility issues after installing the MS13-008 update," Monday's security bulletin stated.

Today's out-of-band update was the first since September, and only the fourth since September 2010.

Windows users can obtain MS13-008 via the Microsoft Update and Windows Update services, as well as through the enterprise-oriented WSUS (Windows Server Update Services).

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is

See more by Gregg Keizer on

Read more about malware and vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.

Originally published on Computerworld |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question