On Wednesday, December 4, Microsoft issued a cumulative patch for its ubiquitous web browser Internet Explorer, including all previously released updates and a fix for a newly discovered flaw that could potentially allow information disclosure.
The company dubbed the flaw "moderate," although the security bulletin issued along with the patch claimed that incomplete object caching techniques may result in cross-domain access. The vulnerability could provide an attacker with the ability to read and execute files on a user's local system.
In addition to the affected Internet Explorer, Outlook and Outlook Express customers may also be exposed to HTML e-mail messages exploiting the flaw.
Microsoft also issued a second security update, patching a flaw in the popular e-mail and organizer program Outlook 2002. A malformed e-mail header could reportedly cause Outlook to fail, when the software attempts to fetch e-mail messages from the server.
All Microsoft customers are strongly advised to update their software by either downloading the appropriate patches or by using the automatic update features of their products.
