On Tuesday, Microsoft delivered its regularly scheduled monthly security fix updates, and among this month's offerings was a surprise fix for the Zero Day flaw in Internet Explorer (IE) that was revealed last month.
Microsoft fixed several IE security holes via a single cumulative update, and these updates span several versions of the Windows client and server OSs as well as IE 5.x, 6, 7, and 8. The severity ratings range from moderate to critical, depending on which combinations of software you have on your PC.
The Zero Day flaw is of particular interest because Microsoft has recently begun a campaign to get users of the dated IE 6 browser—typically business users—to upgrade to the more secure IE 8 version. But IE 8 is also vulnerable to this Zero Day flaw, somewhat undercutting this advice. (It shouldn't: IE 6 is out of date and insecure, and users should upgrade to a more modern browser as quickly as possible.)
Microsoft also fixed bugs in Microsoft Office, Windows Server 2008, Windows XP, Windows Server 2003, Windows 2000, and older versions of WordPad. Aside from the IE 8 flaw, Windows 7 wasn’t directly affected by any of the security updates issued this month.