October 09, 2003

Another Critical IE Cumulative Patch Released

Microsoft has recently released yet another cumulative patch for Internet Explorer 5.01 and later. This one is classified as critical, and Microsoft Security Bulletin MS03-040 describes it in more detail. To save you some time, here's the actual download link.

To sum up the Microsoftese: With the latest vulnerability, an attacker could run programs on your computer when you are viewing a Web page. An attacker could also craft an HTML-based e-mail, so you could be attacked by spam with teeth. When you visit an attacker's Web site, the site could exploit this vulnerability without any other action by you, particularly if ActiveX is fully enabled in IE.

Please see my post yesterday -- this is precisely the reason why I recommended setting IE's ActiveX controls to "prompt" nearly two years ago. While the prompts are annoying, they shift the control back to you as to what is or isn't installed via the web browser.

The most prudent course of action is to install the latest IE patch and change its ActiveX settings to "prompt" if you haven't already.

Per Microsoft, this vulnerability affects all computers that have Internet Explorer installed. You do not have to be using Internet Explorer as your web browser to be affected by this issue. Several related caveats:
Topic(s):
Privacy & Security
Posted by Jeff Beard