New Microsoft Patch for IE Fixes Three Critical Problems

Microsoft released a new patch, MS04-25 "Cumulative Security Update for Internet Explorer (867801)," for Internet Explorer (IE) 6.01, IE 5.5, and IE 5.01 that fixes three critical problems in the browser.

The patch will help prevent such nuisances as the "Download.Ject" exploit launched against IE users last month. The patch also corrects two buffer overflow problems. One problem involves GIF files that can cause a buffer overflow in MSHTML.DLL. The other problem involves bitmap images, where malformed bitmap images can cause a buffer overflow.

Microsoft said that the update, which is available for Windows Server 2003, Windows XP, Windows 2000, and Windows NT replaces all previous updates released for the browser. No update is available yet for Windows Me, Windows 98, and Windows 95, however Microsoft said that an update for those OSs "will be made available as soon as possible following the release." When these security updates are available, you'll be able to download them only from the Windows Update Web site.