Two prominent security groups urged Microsoft Internet Explorer users to apply the latest cumulative security patch for their browsers early this week, calling the flaws "serious" and the need to apply the patch "imperative."
The Computer Emergency Response Team/Coordination Center (CERT/CC) and Internet Security Systems Inc.'s X-Force security monitoring team issued their alerts on Monday and Tuesday, respectively.
The flaws fixed by the patch affect Internet Explorer version 5.01 and higher, according to the security alert originally provided by Microsoft. The patch, MS02-005, was first released on Feb. 11, but initially caused some instability in the browsers to which it was applied.
The patch fixes flaws in Internet Explorer that could allow malicious code embedded in HTML (Hypertext Markup Language) to be executed either in Internet Explorer or in Outlook Express e-mail clients that use Internet Explorer for some functions, Microsoft said. The vulnerability could be effective in an automated attack tool like a worm, Internet Security Systems said in its alert.
Users of affected software are urged to patch their systems immediately.
The patch can be found at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-005.asp