Internet Explorer 7 is in critical condition, left bleeding and severely hurt. Microsoft's browser, that has performed exemplary in terms of security since it was initially made available for the general
public back in October 2006, is now experiencing one of its worst months.
No less than five vulnerabilities impacting Internet Explorer 7 have been patched by Microsoft with the Cumulative Security Update for Internet Explorer published as an integer part of the company's monthly patch cycle. IE7 for Windows XP SP2, IE7 for Windows Server 2003 SP1 and Windows Server 2003 SP2 and IE7 running on Windows Vista all feature two vulnerabilities with a severity rating of Critical that would enable a potential attacker to gain complete control over a compromised system with no user interaction.
A possible attack scenario would involve a social engineering scheme designed to trick IE7 users into accessing a malformed website that would perform remote code execution on the system via the browser just on viewing the maliciously crafted page.
But not only Internet Explorer 7 is affected. IE5.01 SP4 on Windows 2000 SP4, IE6 SP1 on Windows 2000 SP4, IE6 for Windows XP SP2, IE6 for Windows Server 2003 SP1 and Windows Server 2003 SP2 are all vulnerable to attacks. The only good news is that a security update is already in place addressing all the vulnerabilities.
"I am pleased to announce that the
IE Cumulative Security Update for May 2007 is now available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update. I encourage you to upgrade to Microsoft Update if you haven't already to ensure that you receive the latest updates for all Microsoft products. This update is rated "Critical" for IE 5.01, IE 6 Service Pack 1 on Windows 2000, IE 6 for Windows XP, and IE 7 on Windows XP and Windows Vista. For Windows 2003 Server with IE6 or IE7, this update is rated "Moderate" due to Enhanced Server Configuration," revealed Geoffrey Silva, Program Manager Internet Explorer Security.
