Critical Internet Explorer patch released

Microsoft released a security update that resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer.

The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated critical for all supported releases of Internet Explorer:

  • Internet Explorer 5.01
  • Internet Explorer 6
  • Internet Explorer 6 Service Pack 1
  • Internet Explorer 7
  • Internet Explorer 8 (except Internet Explorer 6 for supported editions of Windows Server 2003).

For Internet Explorer 6 for supported editions of Windows Server 2003 as listed, this update is rated Moderate. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles objects in memory, validates input parameters, and filters HTML attributes. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection under the next section, Vulnerability Information.

Wolfgang Kandek, Qualys CTO, comments: “An out-of-band release causes additional work for IT administrators that are tasked with addressing operating system vulnerabilities and are have been feeling the strain of keeping updated the growing number of software packages that attackers are increasingly targeting. Nevertheless, given that exploits are available and that security researchers have shown that DEP as a defense can be circumvented, we recommend applying this update as soon as possible.”


Don't miss