We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Microsoft glitches hamper critical fixes

You know that patches are essential, but the download/install/reboot cycle gets old fast. And it doesn't help when the patches themselves have problems, as some from Microsoft recently did.

Take the latest cumulative update for Internet Explorer. Two of its corrections sealed significant holes in IE 7.0 for both Vista and XP, starting with COM objects (precursors to ActiveX controls). Viewing a site with a poisoned COM object could allow an attacker to take control of your system, although you would have to okay an IE 7.0 dialog box first.

The second flaw exists in an internal IE function, the property method. An attacker could target the flaw with a specially-crafted web page and hit you with a drive-by download.

The same cumulative update addressed four crucial issues with ActiveX and Active Scripting in IE 6 on Windows XP SP2. When you factor in fixes for critical flaws in IE 5.01 and 6.0 on Windows 2000 SP4, as well as in IE 6.0 on Windows XP SP1, get the patch here if you haven't already received it through Automatic Updates.

See also:

Broken Internet Explorer

Office fix delayed

ActiveX flaw

Trillian IRC hole

Winamp fix

IDG UK Sites

iPhone 6 release date, price, specs and new features: Invite confirms 9 September launch

IDG UK Sites

Nostalgia time: Top 10 best selling mobile phones in history

IDG UK Sites

How Ford designs next-generation cars at its Melbourne Design Centre

IDG UK Sites

iPhone 6 release date, rumours, video, UK price & images: iPhone launch event confirmed for 9...