News

Newly Patched IE Flaw Already Being Exploited

Attackers are already exploiting a critical remote code execution vulnerability in Internet Explorer that Microsoft released a patch for Tuesday.

The fact that exploit code is in the wild and being used by attackers makes it especially urgent that Microsoft customers immediately apply Microsoft Security Bulletin MS05-054.

The bulletin is a cumulative security update for Internet Explorer and includes fixes for three other new vulnerabilities. One of those flaws is also critical, but it was not publicly disclosed before Microsoft released the security bulletin.

Both of the critical flaws are even critical for Windows XP Service Pack 2. Often, patches that are critical for other platforms are less severe on SP2. Customers running IE 6 on Windows Server 2003 only face a moderate threat from the two critical flaws, according to Microsoft's bulletin.

MS05-054 is one of two security bulletins Microsoft released Tuesday as part of its monthly security patching cycle. The other bulletin, MS05-055, has a maximum severity of important, one step below critical on Microsoft's threat scale. That patch fixes a flaw in the Windows kernel that could allow an elevation of privilege.

Microsoft also re-released MS05-050 on Tuesday to revise versions of the update for Windows 2000 SP4, Windows XP SP1 and Windows Server 2003.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Google To Acquire Cloud Startup Wiz for $32 Billion

    Google has announced a pending agreement to acquire Wiz Inc., a cloud security platform, in an all-cash deal worth $32 billion.

  • FTC Expands Microsoft Antitrust Investigation Under Trump Administration

    The Federal Trade Commission (FTC) is pressing ahead with a broad investigation into Microsoft's business practices, an inquiry that began in the final weeks of the Biden administration.

  • Microsoft to Shut Down Skype Services

    Microsoft will discontinue its Skype telecommunications and video calling services on May 5, 2025, marking the end of the platform's decades-long run.