Users login

Create an account »


Users login

Home » Hacking News » IE, Windows and Word fixed

IE, Windows and Word fixed

by Nikola Strahija on July 14th, 2005 Microsoft has released three software updates that patch critical security flaws in its products, including a patch for an Internet Explorer vulnerability that was first reported last week.

The company also released patches for Microsoft Word and for a feature of the Windows operating system that is used by a number of applications.
All three of the patches are rated "critical," meaning that the flaws they fix could allow malicious code to be installed on a user's computer with very little user action. The updates affect current versions of Windows and IE as well as certain older versions of Word, according to Stephen Toulouse, security program manager with Microsoft's security response centre.

The Internet Explorer (IE) and Windows patches are the most significant, the flaws they address could both be used by an attacker to take control of a user's system via a maliciously encoded Web page, said Neel Mehta, team leader of X-Force research with security vendor Internet Security Systems (ISS). The IE bug is significant because security experts have already shown a way that it could be exploited by an attacker, he said.

ISS is also concerned about the Windows vulnerability, which relates to a feature called the Microsoft Color Management Module. This software is used to ensure that colorus look the same when they are being rendered on different types of hardware, and is employed by a number of widely used applications, including Microsoft Outlook and IE, Metha said.

The Word vulnerability, which could allow an attacker to gain control of a user's system when a maliciously encoded Word document is opened, does not affect the most recent version of the word processor. However, users of Word 2000, 2002 will need to install the patch, Toulouse said.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »