Larger text
Smaller textInternet Explorer Web Browser Security Bug Reported - SSO-AL2009-058
24 November 2009
Software and platforms affected
The following software is affected
Internet Explorer 6
Internet Explorer 7
for the following operating system platforms:
Windows 2000
Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
What is the problem?
There is a bug in versions 6 and 7 of the Microsoft Internet Explorer web browser, which could result in your computer being attacked by criminals.
What we recommend you do
Microsoft is still investigating the bug, but has found so far that Internet Explorer 8 is not affected. To check which version of Internet Explorer you have installed, open the Internet Explorer web browser and select “Help” from the top menu, then select “About Internet Explorer”.
Users can download Internet Explorer 8 here:
http://www.microsoft.com/windows/internet-explorer/worldwide-sites.aspx
Alternatively you can install Internet Explorer 8 by selecting it from the optional updates provided by Automatic Updates.
Information on how to setup Automatic Updates can be found here:
For Windows XP:
http://www.ssoalertservice.net.au/view/8d826d7e1f09438435017ec08986beec
http://www.microsoft.com/protect/computer/updates/xpsp2.mspx
For Windows 2000:
http://support.microsoft.com/kb/327850
For Windows Vista:
http://www.microsoft.com/protect/computer/updates/vista.mspx
The Microsoft Update web site enables you to update your Microsoft operating system and all other Microsoft software, such as Microsoft Office, from one location. When you visit Microsoft Update with Internet Explorer, the site scans your computer and gives you a list of updates relevant to your computer and its configuration. You then decide which updates you want to download and install.
For instructions on installing optional updates please refer to the newsletter from September 2009:
http://www.ssoalertservice.net.au/content/doc/September_2009.pdf
Where you can find more information
The following links provide more information about the bug and the software platforms affected:
http://www.microsoft.com/technet/security/advisory/977981.mspx
Disclaimer
This Alert has been prepared by AusCERT for the Department of Broadband, Communications and the Digital Economy. The information is intended for used by home users and small to medium sized businesses and is general information only and not intended as advice and was accurate and up to date at the time of publishing. The material and information in this Alert is not adapted to any particular person's circumstances and therefore cannot be relied upon to be of assistance in any particular case. In any important matter, you should seek professional advice relevant to your own circumstances. The Commonwealth, AusCERT, and all other persons associated with this Alert accept no responsibility or liability for information either included or referred to in the Alert. No responsibility or liability is accepted for any damage, loss or expense incurred as a result of the information contained in the Alert, whether by way of negligence or otherwise. The listing of a person or organisation in any part of this site or Alert does not imply any form of endorsement by the Commonwealth of the products or services provided by that person or organisation. Similarly, links to other web sites have been inserted for your convenience and do not constitute endorsement of material at those sites, or any associated organisation, product or service. Please note that material in this Alert, as the case may be, includes views or recommendations of third parties, which do not necessarily reflect the views of the Commonwealth, or indicate its commitment to particular course of action. Material on this site or in this Alert may also include information provided by third parties. The Commonwealth cannot verify the accuracy of information that has been provided by third parties.