We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Internet Explorer users told to update now

Microsoft releases emergency security patches

Microsoft has taken the unusual step of releasing out-of-band patches for severe security flaws in all versions of Internet Explorer, along with related holes in the Microsoft Active Template Library included with Visual Studio.

Microsoft generally only releases patches outside of its normal monthly cycle for the most dangerous security flaws. The IE risks involve "components and controls that have been developed using vulnerable versions of the Microsoft Active Template Library", according to Microsoft, and could allow an attacker to run commands or download malware on a vulnerable PC if you simply view a malicious web page. Such drive-by-download attacks are a favourite among Internet attackers.

According to Microsoft, this MS09-034 patch "is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on supported editions of Microsoft Windows 2000; Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 running on supported editions of Windows XP; Critical for Internet Explorer 7 and Internet Explorer 8 running on supported editions of Windows Vista; Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 running on supported editions of Windows Server 2003; and Moderate for Internet Explorer 7 and Internet Explorer 8 running on supported editions of Windows Server 2008."

Translation: if you use any version of IE on Windows 2000, XP or Vista, get the fix asap by running Windows Update.

The companion patch fixes holes in the Microsoft Active Template Library, part of Visual Basic, which can be used to create the vulnerable ActiveX controls that trigger the IE flaws fixed in the MS09-034 patch. According to Symantec, the ATL patch won't fix vulnerable controls that have already been created, but will avoid creating new vulnerable controls. For more information see the MS09-035 bulletin.

See more:

PC security advice

PC World magazine US


IDG UK Sites

Very best Black Friday 2014 tech deals UK: Latest bargains on phones, tablets, laptops and more...

IDG UK Sites

Tech trends 2015: 3D printing grows up

IDG UK Sites

Will I be affected by VAT MOSS? Here are the facts for designers and artists

IDG UK Sites

Black Friday 2014 UK: Apple deals, Amazon deals & Black Friday tech offers