‘Critical’ IE Patch Released

As promised,
Microsoft has released a monster patch to secure its flagship Internet
Explorer (IE) browser from takeover attacks.

The software giant’s out-of-cycle MS04-025
advisory included fixes for several “critical” bugs that have
already lead to code execution attacks.

That cumulative patch, which replaces the MS04-004 bulletin, provides a
comprehensive fix to the core vulnerability that led to the Download.Ject malware attack
last month.

In that attack, malicious hackers exploited vulnerabilities in
Microsoft’s IIS 5.0 servers and IE to distribute malware programs.

Software products fixed with the latest patch include Windows NT
Workstation 4.0, Windows NT Server 4.0, Windows 98, Windows Millennium
Edition (Me), Windows 2000, Windows XP and Windows Server 2003.

The cumulative patch covers IE versions 5.01, 5.5 and 6.0.

According to the Microsoft alert, the flaws opened the door for attackers
to install programs; view, change, or delete data; and create new accounts
with full administrative privileges.

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web