Tomorrow's Windows patches expected to fix critical IE issues

Internet forecast: a patchy day for XP users

Microsoft will release three new patches for Windows XP tomorrow which are expected to plug "extremely critical" vulnerabilites in Internet Explorer.

The vulnerabilities were discovered by Danish security research firm Secunia and Greyhats Security Group and affect Windows XP with or without Service Pack 2 installed.

Secunia says there is now a working exploit out for one of the vulnerabilities that will compromise Windows XP SP2 systems if users visit a web page. That particular exploit has been known to Microsoft for two months.

Another issue lets attackers display a bogus website while the address bar in Internet Explorer shows the URL of a spoofed site, as well as activate the icon indicating that the site is secured with SSL. This exploit could be used by phishers wanting to steal customers' passwords, Secunia says.

The vulnerabilities are severe enough for Secunia to advise that users dump Internet Explorer completely and use a different browser.

Nathan Mercer, technology specialist at Microsoft New Zealand, confirmed that three patches will be released tomorrow morning, NZ time. However, Mercer was unable to say whether the patches cover the Internet Explorer-related issues reported by Secunia. The patches will be available via Windows Update and are part of the standard set of patches released on the second Tuesday every month, US time, by Microsoft, according to Mercer.

Mercer says the patches are not a special release, and are for Windows XP and thus not IE-specific ones. He was unable to say whether patches for previous Windows releases will be available tomorrow as well.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Internet Explorer

More about MicrosoftSecunia

Show Comments