|
This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. An ActiveX control built with Microsoft Active Template Library (ATL) headers could also allow remote code execution.
This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7 (except when running on supported editions of Windows Server 2003 and Windows Server 2008), and Internet Explorer 8 (except when running on supported editions of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2). For Internet Explorer 7 and Internet Explorer 8 running on Windows servers as listed, this update is rated Moderate.
The security update addresses these vulnerabilities by correcting the control and by modifying the way that Internet Explorer handles objects in memory.
This security update also addresses the vulnerability first described in Microsoft Security Advisory 977981.
Recommendation. The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.
For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.
|
> MAPP
