Microsoft Patches Internet Explorer 9, Launches YourBrowserMatter

Microsoft’s latest Patch Tuesday was one filled with fixes for vulnerabilities across the company’s host of products, with Internet Explorer 9 receiving a hefty dose of attention. Included in the Patch Tuesday bulletins was an update to Internet Explorer 9 that addressed a total of eight vulnerabilities. Microsoft listed the update as “critical,” which is its most urgent rating.

Due to the critical status of the Internet Explorer 9 fix, any users with the recommended Windows Update setting of “install updates automatically” enabled should receive it by default.  Microsoft urges users with automatic updates disabled to install the fix manually via Windows Update.  IT administrators in charge of handling organizations are urged to do the same using their go-to software for managing patches in-house.

Of the eight vulnerabilities targeted by the IE9 update, the most crucial make it possible for remote code execution to occur on PCs where users have visited certain affected web pages with Internet Explorer.  The execution of such code would give hackers the ability to achieve the same level of rights on the PC as the actual user.  The Microsoft Security Bulletin noted that the new fix updates Internet Explorer’s method of allocating and addressing memory.  Some may find the timing of the IE security update to be rather ironic since Microsoft just released a web page comparing the security of major browsers.  Not surprisingly, Microsoft listed Internet Explorer as the safest browser around.

Beyond elevating Internet Explorer 9 to version 9.03, Microsoft’s browser-centric update also addresses issues found in Internet Explorer 6, 7, and 8.  Microsoft added various fixes for issues outside of the realm of security as well.  A fix to ensure the proper functioning of Windows 7 gadgets has been included, and so has a resolution concerning a problem with adjusting font size in Windows Mail after installing Internet Explorer 9.  Other than Internet Explorer, Microsoft’s Patch Tuesday contained updates to fix vulnerabilities detected in the .NET framework, Windows, Silverlight, and more.

For more on this topic, visit http://news.cnet.com/8301-1009_3-20119909-83/microsoft-patches-ie9-with-new-security-update/?tag=txt;title

Microsoft Launches YourBrowserMatters.org to Alert Consumers

The existence of web surfers using out of date browsers is apparently so widespread that it sparked Microsoft to make a website dedicated to the topic.  It’s called YourBrowserMatters.org, and its aim is to enhance the online security of consumers by stressing the need to use the most updated versions of browsers available.

A post on the Exploring IE blog for Internet Explorer users helped announce the launch of YourBrowserMatters.org.  Several key statistics accompanied the post to showcase the threats associated with the use of outdated browsers.  According to Volume 11 of the Microsoft Security Intelligence Report, socially engineered malware targeting outdated software, including web browsers, represented one of the biggest threats to online security.  The report gathered data from over 600 million systems spread across 100-plus countries to come up with its conclusion, and it noted that such attacks were much more of a widespread threat than those attributed to the highly publicized zero day vulnerabilities.  The blog post went one step further to claim that approximately 25 percent of all PCs that connect to the internet use outdated browsers.  That percentage represents nearly 340 million PCs across the globe.

Microsoft cites phishing attacks as one of the most popular socially engineered attacks used by cybercriminals.  Phishing attacks often prey on potential victims by using manipulation to extract sensitive data.  They often attempt to steal files or coax users into downloading malicious software as well.  The Security Intelligence Report found that phishing accounts for 45 percent of computer infections.  Over time, modern browsers have instituted anti-phishing measures, such as Internet Explorer 9’s SmartScreen and Application Reputation features.  This shows why the need to use updated browsers is essential, and is why YourBrowserMatters.org was created.

Craig Spiezle of the Online Trust Alliance described the importance of the launch of YourBrowserMatters.org in a blog post: “Recently Microsoft launched a campaign to educate people and get them to migrate to newer browsers through its new site http://www.YourBrowserMatters.org. This site helps to explain why having a modern browser is important. The site is broken down into two parts – one is an education component. For those who’re curious as to exactly why a browser matters, the videos and the interactive components an easy way to learn more. The second part is a security score –which detects your browser and provides a score based on Microsoft’s criteria.”

By visiting YourBrowserMatters.org, a user can receive an actual rating on their current browser’s level of security.  Data gathered from the Security Intelligence Report and security professionals is used to produce ratings on a scale of 0 to 4.  Browsers deemed as having the best security measures in place will are rated higher than those with lesser features.  Once the analysis is complete, YourBrowserMatters.org can then be used to upgrade to the latest available version of popular browsers such as Internet Explorer, Mozilla Firefox, or Google Chrome.

For more on this topic, visit http://windowsteamblog.com/ie/b/ie/archive/2011/10/11/are-you-one-of-the-millions-at-risk-from-socially-engineered-malware.aspx

[gp-comments width="770" linklove="off" ]