News

Critical IE Patches Released

Microsoft released a cumulative patch fixing three critical vulnerabilities for Internet Explorer on Monday night.

The patch includes fixes for six new vulnerabilities, although three represent only a moderate risk, and rolls together fixes for all previous IE vulnerabilities.

The new vulnerabilities affect IE 5.01, IE 5.5 and IE 6.0. Microsoft does not support versions of IE earlier than IE 5.01 with Service Pack 2.

"Customers using an affected version of IE should install the patch immediately," Microsoft recommends.

The most serious new vulnerability could allow an attacker to run code on a user's system. It involves a buffer overrun vulnerability in an HTML directive that is supposed to be used to incorporate a document within a Web page. The problem affects IE versions 5.5 and 6.0 but not IE 5.01.

The two other critical vulnerabilities affect all three versions of the browser. In one, a scripting function called GetObject can be abused by a Web page to read files on a visiting user's machine.

The other is a variant of the "Frame Domain Verification" vulnerability of Microsoft Security Bulletin MS01-058. This vulnerability also involves a malicious Web site operator reading files from a user's local computer and enables URL spoofing.

Patches for other newly discovered vulnerabilities include a file download dialogue spoofing problem, an application invocation via content-type fields and a script execution.

The Security bulletin can be read here: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-005.asp.

The patch can be downloaded here: http://www.microsoft.com/windows/ie/downloads/critical/q316059/default.asp.

Installation requires a restart, and the patch cannot be uninstalled.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • What Does Office 365 Support for New Surface Hardware Actually Mean?

    Microsoft has spilled a lot of ink touting the ways that its new Surface-branded peripherals will be bring Office 365 features to life.

  • Azure Active Directory ID Protection 'Refresh' Now Available

    Microsoft's enhancements to the Azure Active Directory Identity Protection service are now said to be "generally available" (GA), or ready for commercial use, per a Wednesday announcement.

  • Microsoft Releases Windows 10 Version 1909

    Microsoft on Tuesday announced the release of Windows 10 version 1909, a new operating system product that's also known as the "Windows 10 November 2019 Update."

  • November Microsoft Security Bundle Addresses 75 Vulnerabilities

    Of that number, 13 vulnerabilities are rated "Critical" to patch, while 62 vulnerabilities are deemed "Important."

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.