We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Microsoft glitches hamper critical fixes

You know that patches are essential, but the download/install/reboot cycle gets old fast. And it doesn't help when the patches themselves have problems, as some from Microsoft recently did.

Take the latest cumulative update for Internet Explorer. Two of its corrections sealed significant holes in IE 7.0 for both Vista and XP, starting with COM objects (precursors to ActiveX controls). Viewing a site with a poisoned COM object could allow an attacker to take control of your system, although you would have to okay an IE 7.0 dialog box first.

The second flaw exists in an internal IE function, the property method. An attacker could target the flaw with a specially-crafted web page and hit you with a drive-by download.

The same cumulative update addressed four crucial issues with ActiveX and Active Scripting in IE 6 on Windows XP SP2. When you factor in fixes for critical flaws in IE 5.01 and 6.0 on Windows 2000 SP4, as well as in IE 6.0 on Windows XP SP1, get the patch here if you haven't already received it through Automatic Updates.

See also:

Broken Internet Explorer

Office fix delayed

ActiveX flaw

Trillian IRC hole

Winamp fix

IDG UK Sites

LG G4 review: Great price and camera but misses the mark in other areas

IDG UK Sites

Why Scottish Tablet is better than the iPad mini

IDG UK Sites

How to develop for Microsoft's HoloLens

IDG UK Sites

Apple MacBook 1.1 GHz review (Retina, 12-inch, Early 2015): The future of Apple laptops