News

Microsoft patches 10 critical IE bugs

Microsoft issued an emergency security update on Tuesday to plug 10 holes in Internet Explorer, including a critical vulnerability that hackers have been exploiting for weeks.

The cumulative update, which Microsoft announced on Monday, resolves nine privately reported flaws and one that was publicly disclosed. The most severe vulnerabilities could lead to remote code execution and a complete takeover of the computer if a user were to view a malicious Web site using IE, Microsoft said in the bulletin summary.

Users of IE8 and Windows 7 are not vulnerable to the flaw being used in specific attacks, according to Microsoft. However, software affected by the cumulative update addressing all the IE vulnerabilities includes Windows 2000, Windows XP, Windows Server 2003 and Server 2008, Vista, and Windows 7.

The security bulletin also includes two other bulletins rated "important" that patch a vulnerability in Windows Movie Maker and Microsoft Producer 2003, and seven vulnerabilities in Office Excel.