Microsoft Corp. unveiled two patches on Tuesday, the final cycle of patches expected from the world’s largest software maker this year. The patches fix two critical flaw discovered in Internet Explorer and in Windows 2000.
Microsoft said the vulnerability exists in Internet Explore could allow hackers to take control of a computer by executing remote code after luring users into spoofed websites. Further more, Microsoft admitted that an exploit code and a Trojan for the months-old vulnerability circulating the web.
The collective patch that fixes vulnerabilities in Internet Explorer, include Mismatched Document Object Model Memory Corruption – the flaw used to attack remote computers – COM Object Instantiation Memory Corruption, HTTPS Proxy Vulnerability – a critical vulnerability that could allow hackers to read secure pages in clear text and the File Download Dialog Box Manipulation Vulnerability – another vulnerability allows remote code execution.
The second patch applies to Windows 2000 SP4 users only. This patch fixes vulnerability in the kernel that allows a user who is logged on to take complete control of a system.
Microsoft has released 55 patches during 2005. This compares to 45 for 2004, 51 for 2003 and 72 for 2002.