 Yet Another Critical Update From Microsoft!
Microsoft releases patch for three critical holes in IE
Cumulative patch fixes flaws that were disclosed in June
Microsoft released yet another patch to fix three critical and previously disclosed holes in Internet Explorer. They also released an updated version of a software tool for cleaning out the prolific Mydoom virus and its variants from infected systems.
The latest cumulative patch is contained in Security Bulletin MS04-25 and is aimed at fixing a series of flaws in Internet Explorer that were publicly disclosed in late June.
Microsoft, which normally releases patches in monthly cycles, urged users to install the latest one as soon as possible because of potentially serious risks posed by the flaws.
For instance, one of the holes has already been in an attack called Download.Ject in which vulnerable client systems are infected with a Trojan horse capable of capturing sensitive information, such as log-on names and passwords, or of fooling users into parting with their credit card numbers and ATM codes.
Microsoft released a tool to help users get rid of the Trojan on infected systems in June. On July 2, the company released a configuration change to Windows XP, Server 2003 and Windows 2000 that was designed to mitigate the risk posed by Download.Ject.
Today's patch finally closes the so-called cross-domain vulnerability in Internet Explorer that Download.Ject takes advantage of, Microsoft said.
There is no evidence that the other two flaws addressed by the latest patch have been exploited, said Alfred Huger, senior director of engineering at Symantec Corp.'s security response centre.
One of them is a buffer overflow vulnerability in a software component used to process bitmap image files. The other is a buffer overrun flaw in a function used to process GIF image files. Both flaws could give attackers a way to remotely execute malicious code on an infected system.
Update your windows to close the holes in explorer! | 
