Internet Explorer flaws patched

Date: June 15, 2005
Source: Computer Crime Research Center
By: Compiled by CCRC staff

Microsoft today released 10 security patches, including three deemed "critical," for bugs in a variety of the company's products. The critical patches, released as part of the company's monthly update program, repair flaws in Windows and Internet Explorer that could allow attackers to take complete control of a computer, Microsoft said.

The IE bug could theoretically allow Web pages with malicious code stored in the form of PNG graphics files to gain control of a user's system. Microsoft also found a similarly critical bug in the Windows HTML Help system, as well as a flaw in Microsoft's SMB file-sharing protocol.

"There is the potential for an attacker to somehow create an automated attack that could result in some sort of virus or worm," said Stephen Toulouse, security program manage with Microsoft's Security Response Center.

The "critical" security flaws, the company's highest threat level, affect Microsoft's Windows operating system. The software maker released other patches to address less serious problems with Windows, the Exchange server system, services for the Unix operating system, Microsoft's Interactive Training software for Windows, and ISA server, a network firewall program.

Microsoft said it was rereleasing three previous security bulletins: one for Windows, one for the .NET framework, and one for an SQL server scanning tool.

Some of the flaws affect computers with operating systems dating back to Windows 98.

Users who have installed Microsoft's massive security update for Windows XP, Service Pack 2, also will need to install some patches unless they've signed up for automatic updates.

---

Add comment  Email to a Friend