IDG News Service - Microsoft Corp. late yesterday issued a cumulative patch for its Internet Explorer Web browser that also fixes six new vulnerabilities, the most serious of which could enable an attacker to take control over a user's system, the company said.
All currently supported versions of Internet Explorer -- 5.01, 5.5 and 6.0 -- are affected, putting tens of millions of Internet users at risk. Internet Explorer is the world's most popular Web browser. Microsoft is urging all users to immediately apply the patch, the company said in a security bulletin.
Versions of Internet Explorer that are no longer supported could also be vulnerable, Microsoft noted.
A cumulative patch is one that includes all previously released fixes for a software product. The six newly patched vulnerabilities are in various parts of Internet Explorer and mainly put client systems at risk, but Microsoft rated the superpatch "critical" for Internet and intranet servers, too.
Three of the six new flaws enable an attacker to run code on a user's system, while other vulnerabilities could be exploited to read files on a user's computer, trick the user into downloading malicious code or run script on the user's system, Microsoft said.
In addition to fixing the vulnerabilities, the patch package also permanently disables two vulnerable ActiveX controls, one linked to the MSN chat application and one to a feature for terminal services sessions, Microsoft said. ActiveX controls are small programs designed to perform a single task.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
