Microsoft on Monday released a security patch to fix three known vulnerabilities in its Internet Explorer (IE) Web browser that have been exploited to attack Internet users.Microsoft on Monday released a security patch to fix three known vulnerabilities in its Internet Explorer (IE) Web browser that have been exploited to attack Internet users.The patch also includes a change in the basic authentication functionality in IE that Microsoft announced last week. After installing the patch, the browser no longer supports handling usernames and passwords embedded in Web URLs using the “@” symbol, Microsoft said in a statement.The security update was released outside of Microsoft’s regular monthly patch cycle because of the seriousness of the issues, said Mike Reavey, a security program manager at Microsoft in Redmond, Washington. Microsoft’s official patch day this month is Tuesday, Feb. 10. One of the three newly patched issues is rated “critical” by Microsoft, while two are “important.” By taking advantage of two of the security flaws, attackers can run or save arbitrary code on a user’s computer. Another flaw allows an attacker to spoof a Web site address and potentially trick users into providing personal information, Microsoft said.The spoofing issue received wide publicity late last year and Microsoft has been criticized for not delivering a fix sooner. The company said Monday that it is providing the security update as soon as possible after completing development and testing. In Microsoft’s rating system for security issues, vulnerabilities that could allow a malicious Internet worm to spread without any action required on the part of the user are rated critical. Issues that will not lead to the spread of a worm without any action taken by the user, but could still expose user data or threaten system resources, are rated important.The problems affect all currently supported versions of Internet Explorer on all currently supported operating systems. Users are urged to install the patch immediately, Microsoft said in Security Bulletin MS04-004.The Internet Explorer 6 Service Pack 1 version of the patch also works on Windows 98, Windows 98 Second Edition and Windows Millennium Edition, which normally would only get patches by request because the products are in what Microsoft calls the Extended Support phase of their lifecycle, Reavey said. Related content feature Data centers unprepared for new European energy efficiency regulations Regulatory pressure is driving IT teams to invest in more efficient servers and storage and improve their data-center reporting capabilities. By Maria Korolov Dec 07, 2023 7 mins Enterprise Storage Enterprise Storage Enterprise Storage news analysis AMD launches Instinct AI accelerator to compete with Nvidia AMD enters the AI acceleration game with broad industry support. First shipping product is the Dell PowerEdge XE9680 with AMD Instinct MI300X. By Andy Patrizio Dec 07, 2023 6 mins CPUs and Processors Generative AI Data Center news Netskope extends SASE localization capabilities Expanded localization options in Netskope's NewEdge security private cloud can help enterprises meet data residency requirements and boost user experience. By Denise Dubie Dec 07, 2023 4 mins SASE SD-WAN Cloud Access Security Broker news analysis Western Digital keeps HDDs relevant with major capacity boost Western Digital and rival Seagate are finding new ways to pack data onto disk platters, keeping them relevant in the age of solid-state drives (SSD). By Andy Patrizio Dec 06, 2023 4 mins Enterprise Storage Data Center Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe