Updates available from Microsoft

Jun 10, 2009 09:20 GMT

As an integral part of this month's release of security bulletins, Microsoft has made available the IE Cumulative Security Update for June 2009 through its Windows Update or Microsoft Update distribution channels. The cumulative refresh for Internet Explorer contains patches for no fewer than eight vulnerabilities affecting various versions of the Redmond company's proprietary browser. “This update addresses seven privately reported vulnerabilities and one publicly disclosed vulnerability. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles scripts, cached content, and initializes memory,” explained Terry McCoy, program manager, Internet Explorer Security.

Not all IE releases are impacted by the vulnerabilities patched this month by the software giant. Internet Explorer 8, for example, is affected only by the HTML Objects Memory Corruption Vulnerability, which comes with a maximum severity rating of Critical on both Windows XP (SP2 and SP3) and Windows Vista (SP1 and SP2).

“A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” reads Microsoft's explanation of the HTML Object Memory Corruption flaw.

By contrast, Internet Explorer 7 running on the same two client platforms is affected by no fewer than six vulnerabilities. Four of the security updates designed to plug the holes in IE7 are considered Critical. The remaining two have been labeled just Important. This is valid for IE7 running on Vista RTM/SP1/SP2 and for XP SP2 and SP3.

“This security update is rated Critical for Internet Explorer 5.01 on Windows 2000, Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on supported editions of Windows XP and Windows Vista. The security update is rated Important for Internet Explorer 6 Service Pack 1 on support editions of Windows 2000. The security update is rated Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on supported editions of Windows Server 2003 and Windows Server 2008,” McCoy added.

Internet Explorer 8 (IE8) RTW is available for download here (for 32-bit and 64-bit flavors of Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008).

Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 - Five Language Standalone (KB948465) is available for download here.

Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 - Five Language Standalone for x64-based systems (KB948465) is available for download here.