Patch/Configuration Management, Vulnerability Management

IE flaw, four others, fixed by Microsoft on Patch Tuesday

Microsoft released a long awaited patch for a critical Internet Explorer (IE) flaw today - April's Patch Tuesday - along with four other fixes for company products.

The cumulative security update for IE, or Security Bulletin MS06-013, fixes the createTextRange() flaw in IE that could allow for remote code execution.

Redmond also patched two other critical flaws that could allow for the execution of malicious code.

Security Bulletin MS06-014, which fixes a vulnerability in Microsoft's Data Access Components (MDAC), and bulletin MS06-015, for a vulnerability in Windows Explorer, both also stop remote code execution.

Microsoft also released a cumulative security update for Outlook Express that resolves a flaw in the email program allowing an attacker to take complete control of an affected system after user interaction.

A moderate flaw in Microsoft's FrontPage server extensions was also fixed. Unprotected, the flaw allows attackers to run script in the context of the locally logged-on user.

A month ago, Microsoft released two bulletins on Patch Tuesday, one for several vulnerabilities in Microsoft Office and one to protect against unauthorized privilege escalation.

On Valentine's Day, the computing giant released seven patches – six of which were considered critical. January saw the early release of a fix for the infamous Windows metafile (WMF) flaw and the regular release of two other critical patches.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.