Critical’ IE Patch Released

As promised, Microsoft has released a monster patch to secure its flagship Internet Explorer (IE) browser from takeover attacks.

The software giant’s out-of-cycle MS04-025 advisory included fixes for several ”critical” bugs that have already lead to code execution attacks.

That cumulative patch, which replaces the MS04-004 bulletin, provides a comprehensive fix to the core vulnerability that led to the Download.Ject malware attack last month.

In that attack, malicious hackers exploited vulnerabilities in Microsoft’s IIS 5.0 servers and IE to distribute malware programs.

Software products fixed with the latest patch include Windows NT Workstation 4.0, Windows NT Server 4.0, Windows 98, Windows Millennium Edition (Me), Windows 2000, Windows XP and Windows Server 2003.

The cumulative patch covers IE versions 5.01, 5.5 and 6.0.

According to the Microsoft alert, the flaws opened the door for attackers to install programs; view, change, or delete data; and create new accounts with full administrative privileges.

This article was first published on

Ryan Naraine
Ryan Naraine
Ryan Naraine is an eSecurity Planet, ServerWatch, and eWEEK contributor.

Top Products

Related articles