Internet Explorer July Out-of-Band Cumulative Security

SGT Oddball

Active member
Pro User
Local time
12:03 AM
Messages
653
Location
Lost in France
Internet Explorer is releasing an out-of-band update available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update. I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.

This update addresses three privately reported vulnerabilities which could allow remote code execution. The security update addresses the vulnerability by modifying the way Internet Explorer handles objects in memory and table operations.

In addition, the update includes two defense-in-depth protections against known techniques that are able to bypass ActiveX Security Policy when ActiveX controls have been created using certain Active Template Library (ATL) methods in specific configurations. The first defense-in-depth is enabled by default and modifies how ATL-based controls read persisted data. The second defense-in-depth is disabled by default and offers the ability to regulate usage of the IPersistStream* and IPersistStorage interface implementations within individual controls.

For detailed information on the contents of this update, please see the following documentation:

This security update is rated Critical for all released versions of Internet Explorer except Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 running on supported editions of Windows Server 2003 and Windows Server 2008.

I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.

Terry McCoy
Program Manager
Internet Explorer Security

Update 5:41pm: removing * from IPersistStorage

aggbug.aspx

More...
 

My Computer My Computer

At a glance

NT4Cyrix 2338 MegVoodoo
OS
NT4
CPU
Cyrix 233
Motherboard
Jetway
Memory
8 Meg
Graphics Card(s)
Voodoo
Sound Card
SB16
Monitor(s) Displays
14" CRT
Screen Resolution
800x600
Hard Drives
40meg
Keyboard
Yes
Mouse
Yes
Internet Speed
56k
Back
Top