Internet Explorer in critical condition

Dec 12, 2007 10:28 GMT  ·  By

A recent report comparing the volume of vulnerabilities affecting various versions of Internet Explorer and Firefox 2.0 over a period of three years put Microsoft's IE ahead of Mozilla's open source browser. Playing the vulnerability counting game as an indication of the security delivered by the two browsers, Jeff Jones, Security Strategy Director in Microsoft's Trustworthy Computing group, stressed that Mozilla plugged more holes in Firefox than the Redmond company did in Internet Explorer. Mozilla disputed at the time the scenario of Internet Explorer delivering superior security compared to Firefox. But although the number of fixed security flaws affecting Internet Explorer is low, from the perspective served by Microsoft, the browser has seen its fair share of patches. Case in point: the Cumulative Security Update for Internet Explorer (942615), delivered via Microsoft Security Bulletin MS07-069.

"The IE Cumulative Security Update for December 2007 is now available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update. I encourage you to upgrade to Microsoft Update if you haven't already to ensure that you receive the latest updates for all Microsoft products. This update addresses 4 remote code execution vulnerabilities. This bulletin also includes killbits for some vulnerable ActiveX controls", revealed Terry McCoy, Program Manager Internet Explorer Security.

The Security Bulletin is designed to plug no fewer than four security vulnerabilities, each carrying a maximum severity rating of Critical from Microsoft, as a successful exploit would allow remote code execution. IE 5.01, IE6 Service Pack 1 on Windows 2000, IE6 on XP, IE7 on XP SP2 and IE7 in Vista are all impacted by the Critical patch. However, the Redmond company has underlined that the four Critical vulnerabilities were privately reported and are not being exploited in the wild.

"As a reminder, IE security updates are cumulative and contain all previously released updates for each version of Internet Explorer. I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft", McCoy added.