7 February 2004

Security advisory

Microsoft has recently released a security update to Internet Explorer.

This update is a cumulative update that includes all previous updates. Both Internet Explorer version 5.01/5.5 and version 6 are affected (previous versions are no longer supported by Microsoft).

The update addresses three new vulnerabilities. The most serious of these may allow an attacker to run arbitrary program code on a vulnerable system.

Microsoft’s severity rating is Critical.

Details about the vulnerabilities and the update itself are found in Microsoft’s Security Bulletin MS04-004.

Be particularly aware that once the update is installed, Internet Explorer will change its behaviour in one way that may affect many users:
URLs with the syntax http(s)://username:password@webserver/filename.extension will no longer be supported. This means that it will be more difficult for anyone with malicious intent to spoof a web site’s address.
This is further discussed in a separate Knowledge Base article from Microsoft - available here.
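
To find links and bookmarks that rely on this syntax, or to flag such URLs in mail and proxy logs, a check like the following can be used. It is an added example, not code from Microsoft or Norman; the function names and all sample URLs are constructed for illustration, and it relies on the standard URL parser in Node.js or a current browser.

```javascript
// Added example. All URLs are constructed samples on reserved documentation
// names and addresses (example.com, .example, 192.0.2.0/24).

// Decode percent-escapes without throwing on malformed input.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Inspect one URL: does it carry a username/password part, and which
// host would the browser really connect to?
function inspectUrl(raw) {
  let u;
  try { u = new URL(raw); } catch (e) {
    return { url: raw, valid: false, flagged: false };
  }
  const isWeb = u.protocol === "http:" || u.protocol === "https:";
  const hasUserinfo = u.username !== "" || u.password !== "";
  const user = safeDecode(u.username);
  return {
    url: raw,
    valid: true,
    flagged: isWeb && hasUserinfo,        // syntax no longer supported after the update
    realHost: u.hostname,                 // everything before "@" is NOT the host
    // A username shaped like a host name is the address-spoofing pattern.
    userinfoLooksLikeHost: isWeb && /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i.test(user),
  };
}

// Pull http(s) URLs out of free text (mail body, log line) and keep flagged ones.
function findUserinfoUrls(text) {
  const candidates = text.match(/https?:\/\/[^\s<>"']+/gi) || [];
  return candidates.map(inspectUrl).filter((r) => r.flagged);
}

// Constructed sample input.
const sampleText = [
  "Report: https://alice:secret@intranet.example/report.pdf",
  "Verify your account at http://www.example.com@192.0.2.10/login.html",
  "Normal link with @ in the path: http://www.example.com/a@b.html",
  "Contact: mailto:user@example.com",
].join("\n");

for (const r of findUserinfoUrls(sampleText)) {
  const note = r.userinfoLooksLikeHost ? " (username looks like a host name)" : "";
  console.log(`${r.url} -> connects to ${r.realHost}${note}`);
}
```

The first sample is a legitimate embedded-credential link that will stop working in Internet Explorer after the update; the second shows why the change helps, since the part a user reads as the site name is only the username.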

Norman advises all users to download the security update as soon as possible, to be protected from potential exploits.

Per Olav Førland