Microsoft fixes Explorer security hole…

News Analysis

Microsoft fixes Explorer security hole…

Microsoft has released its scheduled security patches for April, including one designed to address an unpatched bug in the Internet Explorer browser that had been exploited for a number of weeks.

In all, the company released five patches to address critical vulnerabilities in Explorer and other elements of Windows.
 
The Explorer patches include a fix for a vulnerability that malware writers had exploited by tricking users into visiting sites that took advantage of the bug, which then downloaded unauthorised software onto their PCs.
 
Security suppliers eEye Digital Security and Determina had already taken advantage of Microsoft’s inaction to create patches to address the vulnerability, resulting in hundreds of thousands of downloads by worried consumers.

Microsoft also released patches for a similarly critical vulnerability in the way Windows Explorer handles Component Object Model objects and for a vulnerability in an ActiveX control called RDS.Dataspace, which is distributed with the Microsoft Data Access Components.

Microsoft has taken flak over its decision to wait until its scheduled update before issuing a patch. Time will tell how effective – or mistaken – that strategy will prove to be.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
 

COMMENTS powered by Disqus  //  Commenting policy