Microsoft has issued a cumulative software patch for Internet Explorer that it has deemed "critical," the software maker's most severe security ranking.
The patch, detailed in, Microsoft Security Bulletin MS04-025 fixes three publicly disclosed vulnerabilities as well as many previously fixed Internet Explorer security holes to date. The security bulletin is being released outside Microsoft's normal monthly patch schedule.
While all of the security updates published in the bulletin will be included in Windows XP Server Pack 2, which is expected to be released in August, security experts are urging Internet Explorer users to install these patches as soon as possible.
One of the vulnerabilities fixed in the release patches a flaw that was used for part of a widespread attack on Web sites in late June , commonly known as the "Download.ject" attacks.
In that sophisticated attack, hackers infected hundreds, potentially thousands, of E-commerce and company Web sites with malicious software. That software then was used to infect Web surfers who used Internet Explorer to visit those sites.
Web surfers who fell victim to those attacks had their systems infected with Trojan horse applications, used to hijack computers, as well as keystroke loggers, which are capable of stealing personal information such as financial account numbers and passwords.
Microsoft also released an updated version of a system-cleaner tool that will disinfect systems from various variants of MyDoom, Zindos, and Doomjuice. That tool is available here.