IE flaw, four others, fixed by Microsoft on Patch Tuesday

By

Microsoft released a long awaited patch for a critical Internet Explorer (IE) flaw today – April’s Patch Tuesday – along with four other fixes for company products.

The cumulative security update for IE, or Security Bulletin MS06-013, fixes the createTextRange() flaw in IE that could allow for remote code execution.


Redmond also patched two other critical flaws that could allow for the execution of malicious code.

Security Bulletin MS06-014, which fixes a vulnerability in Microsoft's Data Access Components (MDAC), and bulletin MS06-015, for a vulnerability in Windows Explorer, both also stop remote code execution.

Microsoft also released a cumulative security update for Outlook Express that resolves a flaw in the email program allowing an attacker to take complete control of an affected system after user interaction.

A moderate flaw in Microsoft's FrontPage server extensions was also fixed. Unprotected, the flaw allows attackers to run script in the context of the locally logged-on user.

A month ago, Microsoft released two bulletins on Patch Tuesday, one for several vulnerabilities in Microsoft Office and one to protect against unauthorized privilege escalation.

On Valentine's Day, the computing giant released seven patches – six of which were considered critical. January saw the early release of a fix for the infamous Windows metafile (WMF) flaw and the regular release of two other critical patches.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
byfixedflawfouriemicrosoftonotherspatchsecuritytuesday

Sponsored Whitepapers

Gaining a Competitive Advantage with Communication APIs
Gaining a Competitive Advantage with Communication APIs
Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Service Over Signatures: The Truth About No Lock-In IT
Service Over Signatures: The Truth About No Lock-In IT
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks

Events

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments
Researchers demo AI-crippling GPUHammer attack

Researchers demo AI-crippling GPUHammer attack
Qantas obtains court order to prevent third-party access to stolen data

Qantas obtains court order to prevent third-party access to stolen data
Google Gemini for Workspace vulnerable to prompt injection attacks

Google Gemini for Workspace vulnerable to prompt injection attacks
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?