Microsoft Corp. released software updates in two security bulletins Tuesday, MS05-054 and MS05-055. The updates include fixes for critical new holes in IE, and code to remove a program from Sony BMG that introduced a vulnerability onto customers' Windows machines, according to Stephen Toulouse, security program manager with Microsoft's Security Resource Center.
The cumulative patch for IE, MS05-054, includes previous fixes for the Web browser and patches for four recently discovered holes, including a publicly disclosed vulnerability in code used by IE to handle JavaScript "Window()" function calls.
That vulnerability was in versions 5.5 and 6.x of Internet Explorer and was initially believed to be less serious and limited to use in denial-of-service attacks.
However, further analysis by researchers outside Microsoft revealed that the hole could be used by remote attackers to execute malicious code on affected Windows systems, Toulouse said.
read more 
Linear Mode
