Microsoft Fixes Critical IE Flaw
As expected, one of the two patches that Microsoft released yesterday fixes the recently publicly disclosed vulnerability in how IE handles JavaScript “Window()” function calls. On November 21st, an exploit targeting this flaw was released.
The cumulative patch for IE, MS05-054, also includes previous fixes for the web browser. The patch fixes a hole in IE’s COM (Component Object Model) that could allow remote code to run on some versions of IE, and includes fixes for moderately serious vulnerabilities in IE’s File Download Dialog box and HTTPS proxy.
It is strongly recommended that you apply this patch as soon as possible, as attacks exploiting this flaw have been reported.
The other security bulletin, MS05-055, is rated as important and fixes a hole in the Windows kernel on Windows 2000 machines running SP4. This vulnerability could allow a user with limited privileges to take control of the Windows 2000 machine after successfully logging in.
