Microsoft has released a critical out-of-band patch, KB960714, that resolves a publicly disclosed vulnerability which could allow remote code execution in Internet Explorer (IE). TSO will push out two patches from Microsoft through LANDesk to all managed CoC Windows XP machines. The IE6 patch will be pushed out beginning at 5:00 PM on Friday, December 19, 2008. The IE7 patch will be pushed out beginning at 5:30 PM. These patches require a reboot following installation, so all CoC Windows XP users should save their work and leave their computers on before leaving for the day. This patching is expected to be completed by 6:00 PM, December 19.

Windows XP laptop users will need to manually patch their machines or use Windows Update to get the patch (KB960714). Links to the patch are available through the Security Bulletin, provided below.

Security Bulletin:

http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx