Internet Explorer 7 in Windows Vista, but also on Windows XP and Windows Server 2003, along with the remaining supported versions of Microsoft's proprietary browser are hurt bad. According to the Redmond company, the browser is affected by no less than four security holes. As a consequence, the monthly patch cycle from Microsoft brought a new Cumulative security update for Internet Explorer, on October 9.

"The IE Cumulative Security Update for October 2007 is now available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update. I encourage you to upgrade to Microsoft Update if you haven't already to ensure that you receive the latest updates for all Microsoft products. This update addresses 1 remote code execution and 3 spoofing vulnerabilities. This bulletin also includes killbits for some vulnerable ActiveX controls", explained Terry McCoy, Program Manager Internet Explorer Security.

Microsoft warned that one of the vulnerabilities addressed by the cumulative IE patch has been publicly disclosed. The additional three security flaws were privately reported to the company, but Microsoft failed to disclose if proof of concept code was made available in the wild, or if exploits and attacks targeting the vulnerabilities were detected. Internet Explorer 5.01, IE6 SP1, IE6, and IE 7 are all impacted by the vulnerabilities to a higher or a lesser degree. But the havoc was caused by the Error Handling Memory Corruption vulnerability.

"This Update is rated "Critical" for IE 5.01, IE6 Server Pack 1 on Windows 2000, IE6 on Windows XP, IE7 on Windows XPSP2 and IE7 in Windows Vista; "Moderate" for IE6 on Windows Server 2003 and IE7 on Windows Server 2003. As a reminder, IE security updates are cumulative and contain all previously released updates for each version of Internet Explorer. I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft", McCoy added.