Three browser vulnerabilities could be exploited to allow an attacker to remotely execute code in either IE6 or IE7. A fourth flaw was rated 'critical' for IE6 but given a less severe 'important' rating for IE7.
Microsoft also patched critical vulnerabilities in the WebDAV component of Windows XP and Vista, along with critical flaws in Word for both Windows and Mac.
McAfee researcher Craig Schmugar said that the flaws covered by the monthly update highlight the perils of web-based attacks.
"Today's patches underline the need to be aware when opening files, and the risk of surfing the web unprotected," he said.
"Many of the vulnerabilities could be exploited if a Windows user simply opens a file or visits a malicious or compromised website. These are favourite attack methods among cyber-criminals."
Microsoft noted that none of the February security bulletins affects its two newest releases, Windows Vista SP1 and Windows Server 2008.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
Digital NSW 2025 Showcase
_(1).jpg&h=140&w=231&c=1&s=0)
