IE flaw, four others, fixed by Microsoft on Patch Tuesday

By

Microsoft released a long awaited patch for a critical Internet Explorer (IE) flaw today – April’s Patch Tuesday – along with four other fixes for company products.

The cumulative security update for IE, or Security Bulletin MS06-013, fixes the createTextRange() flaw in IE that could allow for remote code execution.


Redmond also patched two other critical flaws that could allow for the execution of malicious code.

Security Bulletin MS06-014, which fixes a vulnerability in Microsoft's Data Access Components (MDAC), and bulletin MS06-015, for a vulnerability in Windows Explorer, both also stop remote code execution.

Microsoft also released a cumulative security update for Outlook Express that resolves a flaw in the email program allowing an attacker to take complete control of an affected system after user interaction.

A moderate flaw in Microsoft's FrontPage server extensions was also fixed. Unprotected, the flaw allows attackers to run script in the context of the locally logged-on user.

A month ago, Microsoft released two bulletins on Patch Tuesday, one for several vulnerabilities in Microsoft Office and one to protect against unauthorized privilege escalation.

On Valentine's Day, the computing giant released seven patches – six of which were considered critical. January saw the early release of a fix for the infamous Windows metafile (WMF) flaw and the regular release of two other critical patches.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Log In

  |  Forgot your password?