As anticipated, on December 13th, Microsoft announced its December security bulletin to address four critical vulnerabilities in Internet Explorer (IE) and Windows 2000.
A total of two security bulletins were issued: MS05-054 and MS05-055. The first bulletin addresses four separate vulnerabilities in Internet Explorer, two of which Microsoft has classified as “critical.”
These vulnerabilities relate to the way IE processes COM objects. An attacker could exploit this flaw to remotely control a computer and execute harmful actions on the system.
All current versions of IE (IE 5.0, 5.5, and 6.0) are affected by these vulnerabilities. Even the IE 6.0 version in the security-focused operating system Windows XP SP2 is impacted.
The MS05-055 security bulletin fixes a flaw in the handling of asynchronous procedure calls in the Windows 2000 operating system kernel. According to a warning from the security firm eEye, this vulnerability also affects older versions of the operating system, such as Windows NT 4.0, which is no longer supported by Microsoft.
Microsoft advises users to promptly update their systems using the Automatic Update feature of Windows or the Microsoft Update service.
