News

Newly Patched IE Flaw Already Being Exploited

Attackers are already exploiting a critical remote code execution vulnerability in Internet Explorer that Microsoft released a patch for Tuesday.

The fact that exploit code is in the wild and being used by attackers makes it especially urgent that Microsoft customers immediately apply Microsoft Security Bulletin MS05-054.

The bulletin is a cumulative security update for Internet Explorer and includes fixes for three other new vulnerabilities. One of those flaws is also critical, but it was not publicly disclosed before Microsoft released the security bulletin.

Both of the critical flaws are even critical for Windows XP Service Pack 2. Often, patches that are critical for other platforms are less severe on SP2. Customers running IE 6 on Windows Server 2003 only face a moderate threat from the two critical flaws, according to Microsoft's bulletin.

MS05-054 is one of two security bulletins Microsoft released Tuesday as part of its monthly security patching cycle. The other bulletin, MS05-055, has a maximum severity of important, one step below critical on Microsoft's threat scale. That patch fixes a flaw in the Windows kernel that could allow an elevation of privilege.

Microsoft also re-released MS05-050 on Tuesday to revise versions of the update for Windows 2000 SP4, Windows XP SP1 and Windows Server 2003.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.