- Is the Cisco MARS mission going to abort?
- First iPhone worm spreads Rick Astley wallpaper
- 10 stunning 3D buildings made with Google SketchUp
- Open source software ready for big business
- Four reasons to buy (and one reason to avoid) the Droid
Microsoft Friday issued a much-anticipated patch for three vulnerabilities that have recently caused some havoc among users of its Internet Explorer browser.
The critical patch, released out of the normal monthly patch cycle, closes the vulnerabilities in IE that led to the Download.Ject attack and other similar attacks that installed Trojan software and redirected users to malicious Web sites.
The patch is available here.
Microsoft said the vulnerabilities could also allow hackers to install programs, view, change, or delete data, or create new accounts that have full system privileges.
The attacks exploited vulnerabilities in both IE 5.x and 6.x. running on Windows NT, 2000, XP, XP 64-bit Edition, and Windows Server 2003 in both the 32-bit and 64-bit editions.
Earlier this month, Microsoft released a configuration change to the Windows XP, Windows Server 2003, and Windows 2000 operating systems that helped thwart the Download.Ject attack. While that fix relied on turning off certain system features to blunt the attack, the patch released as part of security bulletin MS04-025 closes the vulnerability in the underlying software. The patch replaces MS04-004, which was released earlier this year.
Microsoft also recently released an updated version of the MyDoom cleaner tool that will remove variants of MyDoom, Zindos and Doomjuice from infected PCs. The tool is available here.
Rss FeedRss Feed
The Leader in Network Knowledge
Comment