Save content
Have you found this content useful? Use the button above to save it to your profile.
AIA

<b>Technology News:</b> Microsoft issues critical patches for Internet Explorer. By John Stokdyk

by
12th Apr 2006
Save content
Have you found this content useful? Use the button above to save it to your profile.

Microsoft's monthly security update for April included five bulletins that detailed and patched 14 vulnerabilities within version 6 of its Internet Explorer browser.

In bulletin MS06-13, released on Tuesday 11 April, eight of the bugs were given the highest rating (depending, in some cases, on which version you use).

Where an affected user is logged on as the PC's Administrator, vulnerabilities such as the "Multiple Event Handler Memory Corruption Vulnerability" or "HTML Tag Memory Corruption Vulnerability" could allow attackers to take complete control of their system. Even if the user has limited system access rights, the various exploits have been used to install malware on PCs in recent weeks.

Microsoft recommended that users apply the update patches immediately. For more details of the versions of Windows and IE affected, consult the April security bulletin and the associated cumulative security update for Internet Explorer.

Where last month's security bulletin from Microsoft prioritised flaws in Excel, the April focus on Internet Explorer comes at a ticklish time for the developer. AccountingWEB user "JC" raised an alert in Any Answers about the security holes in Internet Explorer last week and some security experts have publicly questioned that if Microsoft's browser was so vulnerable to remote code execution attacks, why didn't it move more quickly to plug the holes?

IE's vulnerability has seen a marked shift to other browsers such as Mozilla's Firefox, which are less prone to misappropriation. Since the beginning of 2003, for example, the proportion of Internet Explorer traffic on AccountingWEB has dropped from 97% to 82%. A new version of the software is on the way - the Beta 2 version of IE 7.0 - which will bring Firefox-like facilities such as tabbed browsing and built-in RSS feeds, but Microsoft's latest bug-fix did not document or address any of the flaws identified in the test version.

The April bulletin included two further critical upates. MS06-015 addresses a vulnerability in Windows Explorer (XP edition) that could permit remote code execution, while MS06-014 concerns data access components within Windows that are used to access SQL databases.

Tags:

Replies (3)

Please login or register to join the discussion.

avatar
By User deleted
13th Apr 2006 08:05

Information overload ..
Appologies missed the relevant para. - information overload ('blogg blindness') has oviously set in

Thanks (0)
John Stokdyk, AccountingWEB head of insight
By John Stokdyk
12th Apr 2006 11:47

Thanks for reminding us, JC
We were aware of your posting - and included a link in the story above.

Thanks for bringing it to our attention - the more members keeping their eyes out for security issues, the better, as far as I am concerned.

Keep up the good work.

John Stokdyk
Technology editor
AccountingWEB.co.uk

Thanks (0)
avatar
By User deleted
12th Apr 2006 11:09

See Previous Posting ...
Mircrosoft IE Security Threat, identifying that IE would not be fixed until 11 April

Thanks (0)