A Patch for "createTextRange()"

Apr 7, 2006 13:02 GMT

Next Tuesday, Microsoft has a new surprise in the "If it's Tuesday, it's update day" category. The Redmond company will finally release the long-awaited Internet Explorer updates.

The most debated vulnerability affecting IE 6 users is the famous "createTextRange()" flaw, whose exploitation can compromise the victim's computer.

Microsoft has announced four security bulletins for Windows, which have been rated as critical, and one for Office and Windows, for which the highest maximum severity rating is moderate. These updates will be available through Microsoft Baseline Security Analyzer and Enterprise Scan Tool and will require restarting your computer.

The Redmond company will also release an updated version of the Microsoft Windows Malicious Software Removal Tool, which will be available through Windows Update, Microsoft Update, Windows Server Update Services and Download Center.

The update targets the "createTextRange()" procedure, for which two temporary workarounds are already available from eEye Security and Determina, but which has nonetheless triggered a new wave of malware.

Recently, hackers have posted a new version of the malware that will make it easier for them to exploit the unpatched vulnerability, and it will be particularly effective on older machines with limited memory and processing capabilities.

In other IE vulnerability news, Secunia said that one of their investigators has discovered a new bug that can be used for phishing schemes.

This flaw occurs when loading web content and Macromedia SWF files in the browser's window.