Patch Tuesday: IE CSS and MHTML fixes

Microsoft has just issued an advanced security notification for the month of February 2011. Patch Tuesday, as nicknamed by Microsoft, where the company releases the latest security patches for Windows, Office, Internet Explorer and other Microsoft branded software on the second Tuesday of every month.

This month brings a total of 12 bulletins, patching 22 vulnerabilities. Three of the bulletins are labeled as "Critical", Microsoft's highest security warning, and the remaining nine labeled as Important. The to-be-released bulletins will patch remote code execution, denial of service, information disclosure and elevation of privilege in various Microsoft software products.

Out of the 12 bulletins, the un-patched vulnerability in Internet Explorer's CSS will be fixed. The exploit through Internet Explorer's CSS allows a hacker to execute arbitrary code through a web page. The exploit exists on Internet Explorer 8 and 7.

The security bulletins will also address a vulnerability found on all supported versions of Windows. The vulnerability exists by the way MHTML interprets MIME-formatted requests, allowing an attacker to run an unauthorized script.

The patches will fix vulnerabilities in the following software:

  • Windows XP SP3
  • Windows Vista SP1 & SP2
  • Windows 7
  • Windows Server 2003 SP2
  • Windows Server 2008 R2
  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8
  • Microsoft Visio 2002 SP2
  • Microsoft Visio 2003 SP3
  • Microsoft Visio 2007 SP2

Some of these updates will require a restart. Affected software includes both 32-bit and 64-bit, where applicable.

Previous Story
Windows Home Server "Vail" Release Candidate available
Next Story
Mobile broadband traffic nearly tripled in 2010