SHARE
Facebook X Pinterest WhatsApp

MS Patch Train Drops Off ‘Critical’ IE Fix

Microsoft on Tuesday released 10 advisories to cover a slew of security flaws in a range of products, including a “critical” cumulative update for the Internet Explorer browser. Three of the 10 bulletins are rated “critical,” the company’s highest severity rating. The IE fix, covered in MS MS05-025, corrects a remote code-execution vulnerability that exists […]

Written By
thumbnail Ryan Naraine
Ryan Naraine
Jun 14, 2005
Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Microsoft on Tuesday released 10 advisories to cover a slew of security flaws in a range of products, including a “critical” cumulative update for the Internet Explorer browser.

Three of the 10 bulletins are rated “critical,” the company’s highest severity rating.

The IE fix, covered in MS MS05-025, corrects a remote code-execution vulnerability that exists due to the way the browser handles PNG (Portable Network Graphics) files.

According to Stephen Toulouse, program manager in the Microsoft Security Response Center, the flaw could allow an attacker to seize complete control of an affected machine remotely by luring a surfer into visiting a malicious Web site.

This is not the first time that Microsoft has squashed a PNG processing bug in its software. Earlier this year, a critical bulletin was released to correct a similar vulnerability in the Windows Media Player and MSN Messenger products.

The latest IE update also fixes a data leakage that occurs in the way IE handles certain requests to display XML content. “An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially lead to information disclosure if a user visited a malicious Web site or viewed a malicious e-mail message,” Microsoft said.

Read more here about previous problems with PNG processing in Windows software.

A successful attacker could exploit the flaw to read XML data from another Internet Explorer domain. Microsoft said user interaction is required to exploit this vulnerability.

The IE flaws were confirmed on Windows 2000 SP3 and SP4, Windows XP (SP1 and SP2 inclusive), and Windows Server 2003 (including SP1). Patches were also rolled out for users of Windows 98 and Windows ME (Millennium Edition).

The June patch batch also contained “critical” fixes for a vulnerability in HTML Help that puts users at risk of remote code execution attacks. In its MS05-026 bulletin, Microsoft warned that “an attacker who successfully exploited this vulnerability could take complete control of the affected system.”

Microsoft HTML Help is the standard help system for the Windows platform. Web developers typically use HTML Help to create online help files for software applications or to create content for multimedia titles or Web sites.

The HTML Help bulletin applies to Windows 98, Windows ME, Windows 2000 (including SP3 and SP4), Windows XP (SP1 and SP2 inclusive) and Windows Server 2003, including SP1.

The company also rated the MS05-027 bulletin, which was detected in the SMB protocol, as “critical” and warned that a successful exploit could allow an attacker to hijack a PC without the user’s knowledge.

“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft said.

and other coverage of Microsoft patches on eWEEK.com.

Recommended for you...

Caylent Research on Database Migrations: What to Know
Victoria Durgin
Aug 28, 2025
Exterro Debuts Agentic AI Tools for Data Risk and E-Discovery 
Jordan Smith
Aug 26, 2025
Multi-OEM Strategies & More Key to Infrastructure in AI Era
Victoria Durgin
Aug 26, 2025
Kendra Krause on New Role at ThreatDown & Channel Goals
Victoria Durgin
Aug 25, 2025
Channel Insider Logo

Channel Insider combines news and technology recommendations to keep channel partners, value-added resellers, IT solution providers, MSPs, and SaaS providers informed on the changing IT landscape. These resources provide product comparisons, in-depth analysis of vendors, and interviews with subject matter experts to provide vendors with critical information for their operations.

Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.