San Francisco (CA) – Microsoft has released an emergency “out of band” security update to eliminate multiple Internet Explorer (IE) vulnerabilities identified in Bulletin MS09-035. According to Microsoft, the vulnerabilities could allow remote code execution if a user views a “specially crafted Web page” with Internet Explorer.
However, users whose accounts are configured to have fewer user rights on the system could be “less impacted” than those browsing with administrative user rights.
“As a defense-in-depth measure, this Internet Explorer security update helps mitigate known attack vectors within Internet Explorer for those components and controls that have been developed with vulnerable versions of ATL as described in Microsoft Security Advisory (973882) and Security Bulletin MS09-035,” the company explained in an official statement. “This security update also resolves three privately reported vulnerabilities in Internet Explorer. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles objects in memory and table operations.”
The above-mentioned update is rated “Critical” for:
- IE 5.01 and 6 Service Pack 1 – Windows 2000.
- IE 6, 7, and 8 – Windows XP.
- IE 7 and 8 – Windows Vista.
The update is rated “Moderate” for:
- IE 6, 7, and 8 – Windows Server 2003.
- IE 7 and 8 – Windows Server 2008.
Additional information pertaining to the vulnerabilities and the appropriate patches can be found on Microsoft’s security site.