Latest patch for IE holes released by Microsoft

By John Fontana, NetworkWorld.com
July 30, 2004 03:01 PM ET

Microsoft Friday issued a much-anticipated patch for three vulnerabilities that have recently caused some havoc among users of its Internet Explorer browser.

The critical patch, released out of the normal monthly patch cycle, closes the vulnerabilities in IE that led to the Download.Ject attack and other similar attacks that installed Trojan software and redirected users to malicious Web sites.

The patch is available here.

Microsoft said the vulnerabilities could also allow hackers to install programs, view, change, or delete data, or create new accounts that have full system privileges.

Related Content

The attacks exploited vulnerabilities in both IE 5.x and 6.x. running on Windows NT, 2000, XP, XP 64-bit Edition, and Windows Server 2003 in both the 32-bit and 64-bit editions.

Earlier this month, Microsoft released a configuration change to the Windows XP, Windows Server 2003, and Windows 2000 operating systems that helped thwart the Download.Ject attack. While that fix relied on turning off certain system features to blunt the attack, the patch released as part of security bulletin MS04-025 closes the vulnerability in the underlying software. The patch replaces MS04-004, which was released earlier this year.

Microsoft also recently released an updated version of the MyDoom cleaner tool that will remove variants of MyDoom, Zindos and Doomjuice from infected PCs. The tool is available here.