Microsoft late last week issued a cumulative patch for its Internet Explorer Web browser that also fixes six new vulnerabilities, the most serious of which could enable an attacker to take control of a user's system, Microsoft said.
All currently supported versions of Internet Explorer (5.01, 5.5 and 6.0) are affected, putting tens of millions of Internet users at risk. Internet Explorer is the world's most popular Web browser. In security bulletin MS02-047, Microsoft urges all users to apply the patch immediately.
Versions of Internet Explorer that are no longer supported could also be vulnerable, Microsoft noted.
A cumulative patch is a patch that includes all previously released fixes for a software product. The six newly patched vulnerabilities exist in various parts of Internet Explorer and mainly put client systems at risk, but Microsoft deems the super patch "critical" for Internet and intranet servers too.
Three of the six new flaws enable an attacker to run code on a user's system, while other vulnerabilities could be exploited to read files on a user's computer, trick the user into downloading malicious code or run script on the user's system, Microsoft said.
In addition to fixing the vulnerabilities, the patch package also permanently disables two vulnerable ActiveX controls, one linked to the MSN chat application and one to a feature for terminal services sessions, Microsoft said. ActiveX controls are small programs designed to perform a single task.
Microsoft's security bulletin and the patch can be found at: http://www.microsoft.com/technet/security/bulletin/MS02-047.asp