IE升級補(bǔ)丁已經(jīng)發(fā)布，請Win7用戶盡快安裝

Win7之家（ airtaxifl.com）：IE升級補(bǔ)丁已經(jīng)發(fā)布，請Win7用戶盡快安裝

一早醒來，發(fā)現(xiàn)Windows Update里面已經(jīng)有包含IE 0day漏洞的IE集成補(bǔ)丁了，話不多說，趕緊截圖并來之家通知大家趕緊下載升級。寫完本文后，小編也要自己去升級了。

本次的IE補(bǔ)丁是Internet Explorer的累計(jì)補(bǔ)丁，總共修復(fù)了8個(gè)漏洞，其中包括導(dǎo)致Google在內(nèi)的多家公司被攻擊的哪個(gè)0day漏洞。

本次安全更新涉及IE5/6/7/8四個(gè)版本，問題的嚴(yán)重性包括可以允許遠(yuǎn)程執(zhí)行代碼，安裝該更新后可以消除一系列來自IE瀏覽器的漏洞，并可以減少受攻擊的風(fēng)險(xiǎn)，微軟建議客戶盡快部署防范已知攻擊的安全更新。與此同時(shí)，趨勢科技和賽門鐵克公司周四表示，他們已找到新的惡意軟件樣本，利用IE漏洞進(jìn)行攻擊。

這些IE漏洞會影響XP、Vista、Win7、Win2008等各個(gè)系統(tǒng)的安全性，大家務(wù)必趕緊升級一下。

查看微軟官方詳細(xì)補(bǔ)丁信息：Microsoft Security Bulletin MS10-002 - Critical

軟媒順便附上相關(guān)英文資訊：

IE 0-Day Patch Available Today
As close to 10:00 a.m. PST as possible

Following the public reports of an unpatched zero-day vulnerability being actively exploited in limited and targeted attacks, Microsoft has moved extremely fast to produce a patch rendering the exploits useless. The security hole the Redmond company will plug today, January 21st, 2010, was used as one of the vectors in the now infamous attacks against Google and a roster of US-based companies, originating from China. MS10-002, as the label implies, is the second security bulletin that Microsoft will release in 2010, and it will impact all supported versions of Internet Explorer.

“We are planning to release the update as close to 10:00 a.m. PST as possible. This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical. It addresses the vulnerability related to recent attacks against Google and a small subset of corporations, as well as several other vulnerabilities,” revealed Jerry Bryant, senior security program manager, Microsoft.

MS10-002 is what Microsoft refers to as an out-of-band security update, because it does not follow the schedule of the company’s monthly patch cycle. As noted by Bryant, MS10-002 was initially planned for availability in the second Tuesday of February 2010. Microsoft Security Bulletin Advance Notification for January 2010, published on January 20, offers insight on the patch package which the Redmond company will start serving to Internet Explorer users later today.

To this day, Microsoft has only identified limited and targeted attacks against Internet Explorer 6. However, the vulnerability affects all supported versions of Internet Explorer, including IE7 and IE8 running on Windows XP, Windows Vista and IE8 on Windows 7. The Redmond company considers the security vulnerability Critical, especially since attacks have already proven that successful exploits allow attackers to perform remote code execution.

“Once applied, customers are protected against the known attacks that have been widely publicized. We recommend that customers install the update as soon as it is available. For customers using automatic updates, this update will automatically be applied once it is released,” Bryant added.