The patch--the fortieth that Microsoft has issued this year--seals several security holes in Internet Explorer 5.01, 5.5 and 6.0 for all versions of Microsoft Windows. The giant deemed the patch critical to all versions of Windows, except Windows Server 2003, which runs with more security in its default installation.
The patch repairs a previous patch that didn't properly protect against two "object type" vulnerabilities. The vulnerabilities have been exploited by Trojan horse QHosts to compromise people's PCs when they browse a Web site that has attack code built in.
"An attacker could seek to exploit this vulnerability by hosting a specially constructed Web page," Microsoft stated in the advisory. "If the user visited this Web page, Internet Explorer could fail and could allow arbitrary code to execute."
That's exactly what happened at FortuneCity.com, when an unknown attacker was able to replace a banner ad on the site with code that copied the QHosts program to any computer that viewed the page with Internet Explorer. The program doesn't attempt to spread itself, so it isn't considered a computer worm or a virus.
Microsoft has been sued by a Los Angeles resident for its handling of security patches and for allegedly putting customers at risk by not offering proper security for its Windows operating system.
Microsoft breaks fixed patch
Microsoft patches broken fix
Microsoft fixes patched break
Microsoft patches fixed break
Microsoft breaks patched fix
Microsoft fixes broken patch
...
Isn't word-play fun?
Isn't Microsoft wonderful?
I think I'll use Linux instead.
/Socrates, pateintly waiting the response from the Mehlman-miester... Bring it on Josh ;-)