The patch--the fortieth that Microsoft has issued this year--seals several security holes in Internet Explorer 5.01, 5.5 and 6.0 for all versions of Microsoft Windows. The giant deemed the patch critical to all versions of Windows, except Windows Server 2003, which runs with more security in its default installation.
Get Up to Speed on...
Get the latest headlines and
company-specific news in our
expanded GUTS section.
The patch repairs athat against two "object type" vulnerabilities. The vulnerabilities have been exploited by Trojan horse QHosts to compromise people's PCs when they browse a Web site that has attack code built in.
"An attacker could seek to exploit this vulnerability by hosting a specially constructed Web page," Microsoft stated in the advisory. "If the user visited this Web page, Internet Explorer could fail and could allow arbitrary code to execute."
That's exactly what happened at FortuneCity.com, when an unknown attacker was able towith code that copied the QHosts program to any computer that viewed the page with Internet Explorer. The program doesn't attempt to spread itself, so it isn't considered a computer worm or a virus.
Microsoft has beenfor its handling of security patches and for allegedly putting customers at risk by not offering proper security for its Windows operating system.