Microsoft Patches IE, Windows, Office
IE, Outlook Express and FrontPage flaws addressed by series of patches.
Microsoft has released five patches, three of which it deemed critical, including a highly exploited hole in Internet Explorer.
Thanking more than a half-dozen security researchers for pointing out a hole in its Internet Explorer application, Microsoft released a cumulative patch it said fixes the CreateTextRange vulnerability.
First reported by Copenhangen, Denmark-based Secunia Research, said the flaw could let malicious hackers turn systems using IE 6 into "spam zombies", as another security researcher characterized the threat.
Prior to the cumulative security fix, several third-party patches were released to combat the vulnerability.
The security bulletin also includes a compatibility patch giving enterprise customers a 60-day reprieve to test Web applications before changes to ActiveX behavior is made permanent.
The patch affects users of IE 5.01 and IE 6 running Windows XP, Windows Server 2003 and Windows 2003.
Two of today's five security patches involve IE, due mainly to IE's tight integration with other Windows components, Marc Maifret, co-founder of eEye Digital Security, told internetnews.com.
Maifret's company was just one that offered a third-party patch to fill the gap between Microsoft's official IE fix.
As an example of the security threat posed by IE's integral position in the Windows operating system, Microsoft released a second critical security bulletin involving IE's Data Access Components (MDAC) library.
A vulnerability in the Remote Data Services portion of the library could permit hackers to bypass the browser's security restrictions and enable malicious objects to be run within IE's "Internet Zone."