Microsoft Crafts Critical Patches

Microsoft released two security bulletins on Patch Tuesday and it revised a patch originally released in October.

Developers issued a cumulative security update to vulnerabilities discovered in Internet Explorer.

COM object instantiation memory corruption and mismatched DOM objects memory corruption vulnerabilities were deemed critical in all versions of IE except IE 6 for Windows Server 2003.

Left unpatched, the vulnerabilities could allow an attacker to take complete control of the user’s PC, though the user would first have to visit a Web site or open an e-mail message containing the exploit.

The moderate IE flaws deal with a manipulation vulnerability in the file download dialog box and a vulnerability in the HTTPS proxy.

The second security bulletin, MS05-055, is a fix to the Windows kernel that, left unchecked, would give the attacker elevation of privilege permissions on the computer, such as administrator rights.

Because the attacker would have to log on to a machine with a valid login and run a program locally, the security bulletin was rated “important,” rather than “critical.”

This article was first published on To read the full article, click here.

Jim Wagner
Jim Wagner
Jim Wagner is an eSecurity Planet contributor.

Top Products

Related articles