Dec. 2005 Security Updates

Dec. 2005’s “Patch Tuesday” included a critical patch for a vulnerability in Windows and Internet Explorer (IE) for which a public exploit is already circulating and an important patch for Windows 2000 SP4. The latest security updates also address problems with the First4Internet copy-protection software distributed on some Sony-BMG audio CDs, which altered Windows to prevent the software from being detected and could be used by malicious software to evade detection.

A Critical and Important Patch

The cumulative critical patch for Windows and IE released in Dec. 2005 fixed a number of vulnerabilities in Windows, including the following:

• A flaw in how IE displays file download dialog boxes and accepts user input during interaction with a Web page
• IE behavior when using a Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) proxy server and Basic authentication, which could allow an attacker to read Web addresses in clear text
• IE instantiation of COM objects that are not