Microsoft Readies Next Round of IE PatchesBy David Morgenstern | Posted 2004-07-28 Email Print
Officials in Redmond say they'll soon release new critical patches for the Internet Explorer browser out of the company's regular "Patch Tuesday" cycle.Microsoft officials say the company is prepping a patch for its Internet Explorer browser to plug the vulnerability exploited by the Download.Ject attacks in June. The patch is expected sometime next week, several weeks before the next scheduled batch release of security fixes.
In late June, security concerns over IE were raised following several serious exploits, including Download.Ject, which allowed Microsoft IIS (Internet Information Services) Web servers to install a keystroke logger and other malware code to steal passwords and other personal data.
While Microsoft Corp. earlier this month released a Download.Ject Payload Detection and Removal Tool, as well as an early fix described as a "configuration change" for Windows' ADODB.Stream component, the company had promised customers a more comprehensive fix.
Read more about the issues raised in the online discussion over the use of IE in the enterprise.
A Microsoft spokeswoman declined to offer a more exact date for the release, adding that the patch would be released when the company determines it has an "effective and quality fix for all [supported] versions of IE."
The experiences with Download.Ject and other recent shell vulnerabilities have led some IT managers to ask if the browsers themselves are to blameor is Windows itself just not safe? Check out this face-off on the browser wars between Linux and Windows.
The forthcoming patch release is out of order, the company admits, revealing the critical nature of the patches as well as addressing the concerns expressed by customers over the recent issues with the browser. The last scheduled "Patch Day" was July 13, when the company released several "critical" updates.