02.44.2007 - MS07-016 - Critical: Cumulative Security Update for Internet Explorer (928090)

Bulletin Severity Rating:Critical - This critical security update resolves two newly discovered, privately reported and one newly discovered, publicly disclosed vulnerability. Two of these vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. The third vulnerability could allow remote code execution if a user visits a specially crafted FTP server site using the FTP client in Internet Explorer. In all cases, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This is a critical security update for Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4, Internet Explorer 6 Service Pack 1 when installed on Windows 2000 Service Pack 4, Internet Explorer 6 for Windows XP Service Pack 2, and Internet Explorer 6 on Windows Server 2003 and Windows Server 2003 Service Pack 1. For other versions, this update is rated either important or low. For more information, see the subsection, Affected and Non-Affected Software, in this section. This security update addresses the vulnerabilities by setting the kill bit for COM objects and by modifying the way that Internet Explorer handles FTP server responses. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information. Recommendation. Microsoft recommends that customers apply the update immediately. Known Issues. Microsoft Knowledge Base Article 928090 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. - View Microsoft Security Bulletin MS07-016 - View Microsoft Knowledge Base Article - 928090 - Visit Microsoft Corporation