News Analysis

Microsoft fixes Explorer security hole…

Microsoft has released its scheduled security patches for April, including one designed to address an unpatched bug in the Internet Explorer browser that had been exploited for a number of weeks.

In all, the company released five patches to address critical vulnerabilities in Explorer and other elements of Windows.
 
The Explorer patches include a fix for a vulnerability that malware writers had exploited by tricking users into visiting sites that took advantage of the bug, which then downloaded unauthorised software onto their PCs.
 
Security suppliers eEye Digital Security and Determina had already taken advantage of Microsoft’s inaction to create patches to address the vulnerability, resulting in hundreds of thousands of downloads by worried consumers.

Microsoft also released patches for a similarly critical vulnerability in the way Windows Explorer handles Component Object Model objects and for a vulnerability in an ActiveX control called RDS.Dataspace, which is distributed with the Microsoft Data Access Components.

Microsoft has taken flak over its decision to wait until its scheduled update before issuing a patch. Time will tell how effective – or mistaken – that strategy will prove to be.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy