| By Susan Bradley |
Two emergency updates released by Microsoft this week correct flaws in Internet Explorer and potentially dozens of third-party programs.
One of the patches is intended primarily for use by application developers, but how far the threat to apps extends — and how many end users will be affected — is not yet clear.
Apply this Internet Explorer patch today
This week, Microsoft released security bulletin MS09-034 without waiting for the next scheduled Patch Tuesday on Aug. 11. According to the Redmond company, this patch is rated “Critical” for IE 6/7/8 on XP and IE 7/8 on Vista. (While the Windows 7 release to manufacturing (RTM) version is unaffected by the problem, the Windows 7 release candidate does requiring patching.)
You may already have applied “killbits” from Microsoft security bulletin MS09-032, which was released on this month’s regular Patch Tuesday, July 14. In theory, these killbits should protect you against certain ActiveX exploits already circulating on the Internet.
Microsoft’s Security Research & Defense blog recommends that you retain the killbits, if you did install them, and also apply this week’s update. The group says this will provide an added layer of “defense in depth” patches.
On the other hand, if you haven’t yet applied the MS09-032 update, installing this week’s out-of-cycle patch means you don’t have to install the previous one.