Two prominent security groups have urged Microsoft Internet
Explorer users to apply the latest cumulative security patch to
their browsers saying the need to apply the patch is
"imperative".
The Computer Emergency Response Team/Coordination Center (CERT/CC)
and Internet Security Systems' X-Force security monitoring team
issued their alerts on Monday and Tuesday (25 and 26 February),
respectively.
The flaws fixed by the patch affect Internet Explorer version 5.01
and higher, according to the security alert originally provided by
Microsoft. The patch, MS02-005, was first released on 11 February,
but initially caused some instability in the browsers to which it
was applied.
The patch fixes flaws in Internet Explorer that could allow
malicious code embedded in HTML to be executed either in Internet
Explorer or in Outlook Express e-mail clients that use Internet
Explorer for some functions, Microsoft said. The vulnerability
could be effective in an automated attack tool like a worm,
Internet Security Systems said in its alert.
The patch can be found at
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-005.asp