We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Microsoft glitches hamper critical fixes

You know that patches are essential, but the download/install/reboot cycle gets old fast. And it doesn't help when the patches themselves have problems, as some from Microsoft recently did.

Take the latest cumulative update for Internet Explorer. Two of its corrections sealed significant holes in IE 7.0 for both Vista and XP, starting with COM objects (precursors to ActiveX controls). Viewing a site with a poisoned COM object could allow an attacker to take control of your system, although you would have to okay an IE 7.0 dialog box first.

The second flaw exists in an internal IE function, the property method. An attacker could target the flaw with a specially-crafted web page and hit you with a drive-by download.

The same cumulative update addressed four crucial issues with ActiveX and Active Scripting in IE 6 on Windows XP SP2. When you factor in fixes for critical flaws in IE 5.01 and 6.0 on Windows 2000 SP4, as well as in IE 6.0 on Windows XP SP1, get the patch here if you haven't already received it through Automatic Updates.

See also:

Broken Internet Explorer

Office fix delayed

ActiveX flaw

Trillian IRC hole

Winamp fix

IDG UK Sites

Samsung Galaxy S6 launch as it happened: Galaxy S6 launch video and live blog - watch again as...

IDG UK Sites

5 things we hate about MWC: What it's like to be a journalist at a technology trade show

IDG UK Sites

Interview: Lauren Currie aims to help design students bridge skills gap

IDG UK Sites

12in Retina MacBook Air release date rumours: new MacBook Air to have fingerprint ID, could launch...