TechBeta

Microsoft released five patches today, three of which it deemed critical, including a highly exploited hole in Internet Explorer.

Thanking more than a half-dozen security researchers for pointing out a hole in its Internet Explorer application, Microsoft released a cumulative patch it said fixes the CreateTextRange vulnerability.

First reported by Copenhangen, Denmark-based Secunia Research, said the flaw could let malicious hackers turn systems using IE 6 into “spam zombies”, as another security researcher characterized the threat.

Today’s cumulative patch “resolves several vulnerabilities in Internet Explorer that could allow remote code execution,” according to Microsoft. The software maker urged IE users to immediately apply the patch.

Prior to the cumulative security fix, several third-party patches were released to combat the vulnerability.

The security bulletin also includes a compatibility patch giving enterprise customers a 60-day reprieve to test Web applications before changes to ActiveX behavior is made permanent.

The patch affects users of IE 5.01 and IE 6 running Windows XP, Windows Server 2003 and Windows 2003.

Full article: internetnews.com