Microsoft Crafts Critical Patches
Redmond rounds out 2005 with IE patches.
Developers issued a cumulative security update to vulnerabilities discovered in Internet Explorer.
COM object instantiation memory corruption and mismatched DOM objects memory corruption vulnerabilities were deemed critical in all versions of IE except IE 6 for Windows Server 2003.
Left unpatched, the vulnerabilities could allow an attacker to take complete control of the user's PC, though the user would first have to visit a Web site or open an e-mail message containing the exploit.
The second security bulletin, MS05-055, is a fix to the Windows kernel that, left unchecked, would give the attacker elevation of privilege permissions on the computer, such as administrator rights.
Because the attacker would have to log on to a machine with a valid login and run a program locally, the security bulletin was rated "important," rather than "critical."