April 6, 2006 12:14 PM PDT
Microsoft to slap patch on risky IE hole
- Related Stories
Web developers get a respite on IE changesMarch 29, 2006
Second unofficial fix plugs IE holeMarch 28, 2006
Third party offers temporary IE fixMarch 27, 2006
Microsoft mulls rushing out IE patchMarch 24, 2006
Another IE bug hits MicrosoftMarch 21, 2006
Microsoft fixes Office, Windows flawsMarch 14, 2006
Microsoft updates IE after patent spatFebruary 28, 2006
Appeals court revisits Eolas decisionMarch 2, 2005
At least one of the alerts is deemed "critical," Microsoft's highest risk rating, the software maker said in a notice posted on its Web site on Thursday. It tags as critical any security threat that could allow a malicious Internet worm to spread without any action required on the part of the user.
One of Tuesday's bulletins will be for its Internet Explorer Web browser. It will include a comprehensive update with multiple fixes, including one for the publicly known "CreateTextRange" vulnerability, Microsoft said. It did not specify what other issues its additional Tuesday patches will repair, or how many flaws will be tackled.
Security researchers have noted several unpatched flaws in IE. The CreateTextRange bug is considered most critical by experts. The flaw is being exploited by malicious Web sites to install spyware, remote-control software and Trojan horses on vulnerable PCs, experts have said. Third parties have provided temporary fixes.
As part of its monthly patch day, Microsoft also plans to release an updated version of the Windows Malicious Software Removal Tool. The software detects and removes common malicious code placed on computers.
Additionally, this month's patches will make a change to the way IE handles Web programs called ActiveX controls. These tweaks are related to a long-running patent dispute between Microsoft and a startup backed by the University of California. The changes can affect how certain sites display in the browser.
People who need more time to adjust to the ActiveX changes can download a special patch that will disable them for two months. This "compatibility patch" is specifically designed for businesses that may have homegrown applications that use ActiveX, Microsoft has said.
Microsoft gave no further information on the upcoming bulletins, other than stating that some the Windows fixes will require restarting the computer. The Office fix may also require a restart, it added.
The Redmond, Wash., software maker offers advance notification about patches so people can get ready to install the updates.
Last month, Microsoft released two security bulletins covering six flaws in Office, most of which were related to Excel, and one flaw in Windows. The Office bulletin was tagged critical, while Microsoft deemed the Windows problem "important," one notch lower on its four-tiered rating scale.
Microsoft said it will host a Webcast about the new fixes on Wednesday at 11 a.m. PDT.
5 commentsJoin the conversation! Add your comment