Monthly Security Release Includes Critical IE Patch

On Tuesday, Microsoft issued fixes for 14 software flaws in five separate security bulletins as part of its regularly scheduled monthly security patch release. The most important patch of the bunch fixes a widely publicized Microsoft Internet Explorer (IE) exploit that has been victimizing users for weeks. In total, 9 of the flaws were rated as critical by the software giant, so users should install the patches as soon as possible.

The IE patch, MS06-13, fixes several bugs, but the most notable is the so-called "createTextRange()" bug, which hackers first exploited last month. This bug was considered so severe that several security vendors, including Determina and eEye Digital Security, actually released their own patches ahead of Microsoft. Previously, Microsoft had described only a workaround for the flaw, in which the user could disable IE's Active Scripting feature.

IE detractors will note that MS06-13 fixes a total of 10 software flaws in the much-maligned Web browser; you'll see a separate but related patch for a flaw that tricks Windows Explorer--IE's cousin in the Windows shell--into browsing malicious remote servers. MS06-13 also includes a design change that alters the way IE interacts with ActiveX controls. Microsoft made this change to adhere to a ruling in the Eolas Technologies patent case.

Some hope that IE 7, due in late 2006 for Windows XP and also shipping as part of Windows Vista, will turn around IE's long-lasting security ills. However, only the Vista version of IE 7 will include the most dramatic security gains, thanks to its integration with low-level Vista-specific security features.


Yesterday, I linked to Fred Pullen's download of the Windows Vista Product Guide. According to Pullen, he's had to pull (ahem) the download. "Although we had permission from one of its sponsors to post the Windows Vista Product Guide to the TS2 Community Site, it isn't quite ready for public consumption so I was asked to remove the link," he notes in his blog. "If you were lucky enough to download the 'sneak peek' preview, enjoy! We'll provide access to the guide after it becomes publicly available."
