Microsoft patches six security holes

Jun 13, 2007 08:06 GMT

If Microsoft's Internet Explorer were a ship, rats would be storming out of the sinking vessel. The Redmond company made available for download a total of six patches for various editions of the browser. No fewer than five of the security flaws have been given the maximum severity rating of Critical, as they allow remote code execution. According to Microsoft, Internet Explorer 5.01, Internet Explorer 6 and Internet Explorer 7 are all affected by critical vulnerabilities. With IE as the attack vector, Windows 2000 SP4, Windows XP SP2, Windows Server 2003 and even Windows Vista, in both 32-bit and 64-bit editions, could be completely taken over.

"The IE Cumulative Security Update for June 2007 is now available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update. I encourage you to upgrade to Microsoft Update if you haven't already to ensure that you receive the latest updates for all Microsoft products. This update addresses 5 remote code execution vulnerabilities and 1 spoofing vulnerability. This update is rated 'Critical' for IE 5.01, IE 6 Service Pack 1 on Windows 2000, IE 6 for Windows XP, IE 7 on Windows XP and IE7 in Windows Vista. For Windows 2003 Server with IE6 or IE7, this update is rated 'Moderate' due to Enhanced Server Configuration," revealed Terry McCoy, Program Manager Internet Explorer Security.

Security company Symantec has placed patching IE among the top priorities for updating Microsoft products. Ben Greenbaum, a Symantec security researcher, revealed that the Redmond company's browser "is prone to a memory-corruption vulnerability when accessing objects that are improperly instantiated or deleted, (...) fails to properly handle certain CSS data, (...) [features a] vulnerability in the speech control of the Speech API, (...) [is open] to remote code-execution vulnerability because of a race condition in its language-pack installation support, and to a webpage-spoofing vulnerability in the 'Navigation cancelled' page." On top of these, there is also a flaw in the way specific COM objects "return values to the browser when called by a web page."

Microsoft Security Bulletin MS07-033 - Critical Cumulative Security Update for Internet Explorer (933566) is available here.