The Redmond, Washington-based software maker also rated another patch for a vulnerability in Windows Media Player 7.1 as "critical." The five other bulletins were rated "important."
The update for Internet Explorer follows a security advisory the company issued last week after the WMF flaw was discovered. The flaw exists only in IE 5.01 with Service Pack 4 on Windows 2000 and IE 5.5 with Service Pack 2 on Windows ME, Microsoft said in the security advisory.
Exploiting the vulnerability means that someone could seize control of an affected system. Microsoft also recommended last week that users upgrade to IE6 with Service Pack 1.
Microsoft also patched Windows Media Player 7.1, on Windows 98/98SE/ME/2000, Windows Media Player 8 on Windows XP (up to and including SP1), Windows Media player 9 on Windows 2000/XP SP2/Server 2003, Windows Media Player 10 on 98/98SE/ME/XP (up to and including SP2).
The vulnerability in Windows Media Player has the potential to allow someone remotely take control of a system via a malicious images embedded in the customised versions of Windows Media Player.
"It could be exploited through Microsoft Internet Explorer because users often get media that is hosted on the Web," Microsoft said in a statement. "Microsoft Internet Explorer typically starts the media player automatically to open the media file which could allow attackers to host the malicious (customised file) on a Web page as a method of attack."
Microsoft rates as "critical" any security threat that could allow a malicious Internet worm to spread without any action required on the part of the user.
Yo All,
Just hit the MS updates site and the one for the TCP vulnerability (KB913446) fails to download. I'd understand a failure to install - hey, the TCP kernel is obviously in use if you're online ... but a failure to download?
At any rate, the problem seems endemic to any XP user and there's numerous complaints about it in various MS forums ... but no manual download option I could find.
Guess we'll just have to wait until MS fixes the puppy.
Just thought I'd post this so others could avoid the grief I've been through trying to rectify the situation.
Regards,