Kevin Remde's IT Pro Weblog
IT Pro Resources
TechNet EventsMicrosoft Security Response CenterTechNet IT Manager Community HubMicrosoft Virtual AcademyKevin’s Evaluation Download Center
IT Pro Evangelist Blogs
Blain Barton Blain Barton's Blog@BlainBar
Brian LewisMy Thoughts on IT...@BrianLewis_
Dan Stolts IT Pro Guru Blog@ITProGuru
Jennelle Crothers TechBunny@jkc137
Keith MayerIT Pros ROCK!@KeithMayer
Kevin Remde Full of I.T.@KevinRemde
Matt Hester Matthew Hester's WebLog@MatthewHester
Tommy PattersonVirtually Cloud 9@Tommy_Patterson
Yung Chou Yung Chou on Hybrid Cloud@YungChou
If you’ve been hearing the news over the past couple of days, you’ve heard about the exploit that was discovered, and has been taken advantage of, in Internet Explorer.
“'IE? What version?”
All versions. It is documented in these two articles:
This issue is categorized as CRITICAL, because it is actively being exploited. In the case of this one, there are web sites that have been compromised, or have deliberately been configured, to cause remote execution of code in Internet Explorer. And as most of you know – any code that is running as YOU, which you didn’t intend to run, is a potential hole into doing something nasty to your systems or to your information.
“What other resources are out there?”
There are some webcasts scheduled for getting questions answered. In fact, one of these is happening even as I type this blog post.
If you’re interested in seeing Thursday’s, you’d better register quickly. They do have a limit.
But if you missed them, you may still be able to use these links to view the recordings of these webcasts on-demand. Usually it takes a day or two to make the recording available, so check back.
** UPDATE: These are now indeed available to watch on-demand. **
“Okay, Kevin.. I don’t need to know any more. How do I get the patch?”
If you have set your systems to update automatically, they’ll get it very soon. (My Vista Ultimate computer I run as my family’s Media Center computer actually already sees the update and is asking if I want to install it.) My corporately managed PC also already has the fix available (no surprise there).
If you want to download it or deploy it some other way, you should look at the Security Bulletin.
Otherwise, the easiest way to install it if it hasn’t shown up automatically is to use Windows Update or Microsoft Update. Scan for new updates, and install any outstanding updates.
Also - now would be a good opportunity to send a reminder out to the people you support, reminding them to be aware of where they’re browsing. Watch for any unsolicited or unexpected pop-ups that are trying to get you to install or run something. And until your system is up-to-date, be particularly mindful of your policies of the acceptable use of corporate resources. Now is not the time to be going to some new gaming site or other non-business related browsing.