Microsoft releases cumulative security update for IE

14.12.2005
Microsoft Corp. Tuesday released a cumulative security upgrade that fixes newly discovered vulnerabilities in its Internet Explorer browser -- including one critical flaw for which exploit code is already available.

The company also issued a bulletin addressing a privilege escalation vulnerability in the Windows kernel that could allow hackers to take control of an affected system. Microsoft classified that vulnerability as important.

Microsoft's cumulative security upgrade described in bulletin MS05-054 details patches for four vulnerabilities in Internet Explorer and replaces an earlier cumulative update issued by the company in October.

Both bulletins were included as part of Microsoft's monthly security update program. The patches released Tuesday are the last of the company's scheduled updates for the year.

These are the four browser flaws that have been fixed:

-- A critical remote code vulnerability in the way IE creates certain COM objects such as ActiveX Controls