The software giant's out-of-cycle MS04-025 advisory included fixes for several ''critical'' bugs that have already lead to code execution attacks.
That cumulative patch, which replaces the MS04-004 bulletin, provides a comprehensive fix to the core vulnerability that led to the Download.Ject malware attack last month.
In that attack, malicious hackers exploited vulnerabilities in Microsoft's IIS 5.0 servers and IE to distribute malware programs.
The cumulative patch covers IE versions 5.01, 5.5 and 6.0.
According to the Microsoft alert, the flaws opened the door for attackers to install programs; view, change, or delete data; and create new accounts with full administrative privileges.
This article was first published on internetnews.com.