Mmm... Out-of-Band Critical Updates... If you’ve been hearing the news over the past couple of days, you’ve heard about the exploit that was discovered, and has been taken advantage of, in Internet Explorer. 

“'IE?  What version?”

All versions.  It is documented in these two articles:

This issue is categorized as CRITICAL, because it is actively being exploited.  In the case of this one, there are web sites that have been compromised, or have deliberately been configured, to cause remote execution of code in Internet Explorer.  And as most of you know – any code that is running as YOU, which you didn’t intend to run, is a potential hole into doing something nasty to your systems or to your information.

“What other resources are out there?”

There are some webcasts scheduled for getting questions answered.  In fact, one of these is happening even as I type this blog post. 

If you’re interested in seeing Thursday’s, you’d better register quickly.  They do have a limit.

But if you missed them, you may still be able to use these links to view the recordings of these webcasts on-demand.  Usually it takes a day or two to make the recording available, so check back.

** UPDATE: These are now indeed available to watch on-demand. **

“Okay, Kevin.. I don’t need to know any more.  How do I get the patch?”

If you have set your systems to update automatically, they’ll get it very soon.  (My Vista Ultimate computer I run as my family’s Media Center computer actually already sees the update and is asking if I want to install it.)  My corporately managed PC also already has the fix available (no surprise there). 

If you want to download it or deploy it some other way, you should look at the Security Bulletin

Otherwise, the easiest way to install it if it hasn’t shown up automatically is to use Windows Update or Microsoft Update.  Scan for new updates, and install any outstanding updates.

 

Also - now would be a good opportunity to send a reminder out to the people you support, reminding them to be aware of where they’re browsing.  Watch for any unsolicited or unexpected pop-ups that are trying to get you to install or run something.  And until your system is up-to-date, be particularly mindful of your policies of the acceptable use of corporate resources.  Now is not the time to be going to some new gaming site or other non-business related browsing.