We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Microsoft plugs 'critical' IE hole

Don't wait for Windows XP service pack, apply cumulative patch now

Microsoft has issued a special cumulative patch for its Internet Explorer browser, addressing three new security holes rated "critical", including one that was used in a virus attack in July.

Patches rated critical mean that not installing the patch may lead to catastrophic damage to a PC because an attack could give a cracker complete control of that system, including the capability to reformat the hard drive, according to Microsoft.

Ordinarily, Microsoft saves up patches for a monthly release, to make it easier for customers and IT staffs. However, when the company rates a security flaw critical, it often releases the patch as soon it's ready, the better to protect users.

"It's probably better to do it this way," says Rob Enderle, principal analyst at technology analysis firm The Enderle Group. "It gives people the option of fixing [the problems right away]. They did the right thing."

Microsoft intends the patch to head off any repeats of the attack which took advantage of multiple weaknesses in Windows and Microsoft's Internet Information Server. The so-called download.ject or Scob virus tried to steal users' data or to create "zombies" for a later planned denial of service attack.

Microsoft issued a patch for one of the weaknesses as well as workarounds to block similar attacks, but it did not patch a second hole quite as quickly. This patch takes care of that one.

This latest release is a "cumulative" update, which contains all previously released security patches for IE. It fixes security flaws in all currently supported versions of Windows, from Windows 98 and Me through Windows XP. This cumulative patch and a description of the problems it solves is available from Microsoft.

IDG UK Sites

OnePlus One release date, price, specs UK: No invite needed any longer

IDG UK Sites

15 analogue facts that today's kids won't understand: winding tapes, Ceefax and more

IDG UK Sites

Disney's felt-based 3D printer creates soft toys and other squishy things

IDG UK Sites

WWDC 2015: What Apple will launch at WWDC 2015: Apple TV, Macs, more & how to get WWDC tickets