Critical IE Patches Released

Microsoft released a cumulative patch fixing three critical vulnerabilities for Internet Explorer on Monday night.

The patch includes fixes for six new vulnerabilities, although three represent only a moderate risk, and rolls together fixes for all previous IE vulnerabilities.

The new vulnerabilities affect IE 5.01, IE 5.5 and IE 6.0. Microsoft does not support versions of IE earlier than IE 5.01 with Service Pack 2.

"Customers using an affected version of IE should install the patch immediately," Microsoft recommends.

The most serious new vulnerability could allow an attacker to run code on a user's system. It involves a buffer overrun vulnerability in an HTML directive that is supposed to be used to incorporate a document within a Web page. The problem affects IE versions 5.5 and 6.0 but not IE 5.01.

The two other critical vulnerabilities affect all three versions of the browser. In one, a scripting function called GetObject can be abused by a Web page to read files on a visiting user's machine.

The other is a variant of the "Frame Domain Verification" vulnerability of Microsoft Security Bulletin MS01-058. This vulnerability also involves a malicious Web site operator reading files from a user's local computer and enables URL spoofing.

Patches for other newly discovered vulnerabilities include a file download dialogue spoofing problem, an application invocation via content-type fields and a script execution.

The Security bulletin can be read here:

The patch can be downloaded here:

Installation requires a restart, and the patch cannot be uninstalled.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Get More Out of Your Outlook Inbox with TakeNote

    Brien comes across a handy, but imperfect, feature in Outlook that lets you annotate specific e-mails. Its provenance is something of a mystery, though.

  • Microsoft Resumes Rerelease of Windows 10 Version 1809

    Microsoft on Wednesday once more resumed its general rollout of the Windows 10 version 1809 upgrade, also known as the "October 2018 Update."

  • Microsoft Ups Its Windows 10 App Compatibility Assurances

    Microsoft gave assurances this week that organizations adopting Windows 10 likely won't face application compatibility issues.

  • SharePoint Online Users To Get 'Modern' UI Push in April

    Microsoft plans to alter some of the tenant-level blocking capabilities that may have been set up by organizations and deliver its so-called "modern" user interface (UI) to Lists and Libraries for SharePoint Online users, starting in April.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.