Microsoft issues five security patches, fixes critical browser hole

Antony Savvas

Microsoft has today issued five security patches for Windows and the Office productivity suite, including a critical fix for the widely publicised CreateTextRange vulnerability in Internet Explorer.

The Office fix only addresses a “moderate” threat, said Microsoft.

The fix for the critical IE vulnerability is being issued more than two weeks after the vulnerability was first discovered.

Microsoft is now encouraging users to download the fix as soon as possible, as exploit code for the bug has been circulating for some time, although the company says there have been few infections among users.

The delay in issuing a fix, and Microsoft’s decision to wait for the official patching cycle of the second Tuesday of the month to distribute it, will create further debate as to whether Microsoft is acting quickly enough to address security issues.

Two unofficial fixes from security firms have been available to plug the critical hole for well over a week, although Microsoft had warned users not to use them on the grounds that they may disturb the settings of systems.

Security software company Websense says hundreds of malicious websites have sprung up to try to spread malware among users as a result of the IE vulnerability.

Read more on Hackers and cybercrime prevention