Critical IE Patches Released

Microsoft released a cumulative patch fixing three critical vulnerabilities for Internet Explorer on Monday night.

The patch includes fixes for six new vulnerabilities, although three represent only a moderate risk, and rolls together fixes for all previous IE vulnerabilities.

The new vulnerabilities affect IE 5.01, IE 5.5 and IE 6.0. Microsoft does not support versions of IE earlier than IE 5.01 with Service Pack 2.

"Customers using an affected version of IE should install the patch immediately," Microsoft recommends.

The most serious new vulnerability could allow an attacker to run code on a user's system. It involves a buffer overrun vulnerability in an HTML directive that is supposed to be used to incorporate a document within a Web page. The problem affects IE versions 5.5 and 6.0 but not IE 5.01.

The two other critical vulnerabilities affect all three versions of the browser. In one, a scripting function called GetObject can be abused by a Web page to read files on a visiting user's machine.

The other is a variant of the "Frame Domain Verification" vulnerability of Microsoft Security Bulletin MS01-058. This vulnerability also involves a malicious Web site operator reading files from a user's local computer and enables URL spoofing.

Patches for other newly discovered vulnerabilities include a file download dialogue spoofing problem, an application invocation via content-type fields and a script execution.

The Security bulletin can be read here:

The patch can be downloaded here:

Installation requires a restart, and the patch cannot be uninstalled.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • OneDrive Users To Get Storage Options, Plus New Personal Vault

    Microsoft announced a few OneDrive enhancements, including storage-option additions, plus a new "Personal Vault" feature for added security assurance.

  • Cloud Services Starting To Overtake On-Prem Database Management Systems

    Database management system (DBMS) growth is happening more on the cloud services side than on the traditional "on-premises" side, according to a report by Gartner Inc.

  • How To Replace an Aging Domain Controller

    If the hardware behind your domain controllers has become outdated, here's a step-by-step guide to performing a hardware refresh.

  • Azure Backup for SQL Server 2008 Available at Preview Stage

    Microsoft added the option of using the Azure Backup service to provide recovery support for SQL Server 2008 and SQL Server 2008 R2 when those workloads are hosted on Azure virtual machines.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.