SecurePurdue > News & Alerts > Cumulative security update for Internet Explorer

  Cumulative security update for Internet Explorer

Published in Handler's Log | Posted by Cynthia Welch on October 20, 2009

Cumulative security update for Internet Explorer

Please reference MS09-054 http://support.microsoft.com/kb/974455l

Update 10-19-09:   The MS09-054 vulnerability extends beyond Internet Explorer (IE).  Those using the Windows Presentation Foundation plug-in enabled within Firefox are at high risk of “drive by downloads” specifically targeting this vulnerability.    Microsoft is urging that this plug-in is disabled.   IE users can disable XBAP as a workaround for that browser. 

In addition, the .Net Framework SP1 silently and automatically will install the plug-in in Firefox.  Due to this, Firefox users should check for the plug-in to ensure that they have it installed.    

For additional information on the attack surface for the IE Bulletin, please see the TechNet url under sources as noted below. 

Sources:

http://secunia.com/advisories/36979/

http://support.microsoft.com/kb/974455l

http://blogs.technet.com/srd/archive/2009/10/12/ms09-054.aspx

Software:

While the vulnerability is in an IE component, there is an attack vector for Firefox users as well.

< Back to News