Patch Tuesday: IE CSS and MHTML fixes

Microsoft has just issued an advance security notification for February 2011. Patch Tuesday, as nicknamed by Microsoft, is the second Tuesday of every month, when the company releases the latest security patches for Windows, Office, Internet Explorer and other Microsoft-branded software.

This month brings a total of 12 bulletins, patching 22 vulnerabilities. Three of the bulletins are labeled "Critical", Microsoft's highest security warning, and the remaining nine are labeled "Important". The to-be-released bulletins will patch remote code execution, denial of service, information disclosure and elevation of privilege vulnerabilities in various Microsoft software products.

Among the 12 bulletins is a fix for the unpatched vulnerability in Internet Explorer's CSS. The vulnerability allows an attacker to execute arbitrary code through a web page. It exists in Internet Explorer 8 and 7.

The security bulletins will also address a vulnerability found in all supported versions of Windows. The vulnerability lies in the way MHTML interprets MIME-formatted requests, allowing an attacker to run an unauthorized script.

The patches will fix vulnerabilities in the following software:

  • Windows XP SP3
  • Windows Vista SP1 & SP2
  • Windows 7
  • Windows Server 2003 SP2
  • Windows Server 2008 R2
  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8
  • Microsoft Visio 2002 SP2
  • Microsoft Visio 2003 SP3
  • Microsoft Visio 2007 SP2

Some of these updates will require a restart. Affected software includes both 32-bit and 64-bit editions, where applicable.

17 Comments


And IE still can't render text-shadow... shame.

I got all excited thinking that Microsoft would be adding some CSS standards in this update but I guess I was just being hopeful.

This is a security update, that's what Patch Tuesday is about. Wait for a new version of Internet Explorer if you want new features.

billyea said,
This is a security update, that's what Patch Tuesday is about. Wait for a new version of Internet Explorer if you want new features.

I know, but when you see "CSS... Fixes" your mind can wander. Especially after you've just been coding and been ****ed at IE for its non-standardness.

Text-shadow will probably be the next marquee or blink..
Unless it is used very wisely, it gives pretty ugly results.

Tanshin said,

I know, but when you see "CSS... Fixes" your mind can wander. Especially after you've just been coding and been ****ed at IE for its non-standardness.

IE is compliant with standards that matter. Text shadow is still in draft. I'm glad the IE team is implementing future web standards but at the same time it's good that they're cautious. There's already some fragmentation in HTML5 and CSS3 implementations across browsers.

Holey said,
Still no SP1?

Do we have a projected/estimated release date?

I thought that Windows 7 SP1 is already at RTM stage. Those updates mentioned in the article above would probably not be in SP1. That is just my guess.

Krome said,
I thought that Windows 7 SP1 is already at RTM stage. Those updates mentioned in the article above would probably not be in SP1. That is just my guess.

Yup, SP1 includes updates up to 19th of November, I think. Everything else released after that date will be included in SP2.

Holey said,
Still no SP1?

Do we have a projected/estimated release date?

Maybe this Tuesday SP1 will be released?!? From what I read, Microsoft on Tuesdays brings out the big guns.