Third time lucky in Microsoft IE patch fix?

Microsoft is attempting for the third time to fix a “critical” security vulnerability in its Internet Explorer browser, after two previous attempts failed to make it safe.

The company issued “version 3.0” of patch number MS06-042 this week, for a vulnerability it first tried to fix last month.

It also issued three new security patches to solve problems in the Office productivity suite and the Windows OS.

The modified patch is designed to prevent remote code execution on users’ systems by attackers, and is classed by the firm as a “critical” patch.

Microsoft’s previous attempts to fix the problem led to new security openings being found by independent security researchers.

Microsoft said, “Customers should apply the update immediately. This replaces several prior security updates.

“This update resolves several newly discovered, publicly and privately reported vulnerabilities.

“If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system.”

Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights, said the company.

The new patches issued by Microsoft were part of its monthly scheduled security patching cycle.

The most serious vulnerability, classed as “critical” by Microsoft, is in the Office suite.

A security hole in Microsoft Publisher could allow remote attackers to execute code on users’ systems, the company said.

Microsoft has issued security update MS06-054 to tackle this problem.

The other two flaws affect elements of Windows OS. The first one, classed as “important” by the company, is a flaw in the Pragmatic General Multicast (PGM) function.

The hole allows remote code execution by attackers, and Microsoft has issued patch number MS06-052 to deal with the problem.

The third problem affects both client and server versions of Windows and involves a hole in the OS’s Indexing Service.

The threat could allow inadvertent data disclosure by systems through cross-site scripting.

The flaw has been described as “moderate” by Microsoft, which has issued patch number MS06-053.

Vote for your IT greats

Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?

Vote now at: www.computerweekly.com/ITgreats