Microsoft updates two critical security patches
It feels like I'm updating my computer every day in the last weeks. Microsoft issued yet another two security patches for Internet Explorer and the .net framework that can be downloaded from Microsoft Security Bulletin MS07-040 - Critical and Microsoft Security Bulletin MS08-024 - Critical. Both security patches are updated to patches that had been released before, one of them just a few weeks ago.
The Cumulative Security Update for Internet Explorer patches Internet Explorer 6 and newer versions of Internet Explorer. If the user visits a specially prepared website an attacker can gain the same rights on the Windows system as the user who is currently logged into the system. While this does not affect other browsers and to a lesser extent users who do not use administrative accounts it is still recommended to update the software immediately.
The Vulnerabilities in .NET Framework Could Allow Remote Code Execution patch fixes three security vulnerabilities. Two of them allow remote code execution and one information disclosure. It is again advised to update the system immediately to fix those security holes.