New IE Security Update for IE6 SP1 and IE6 (but not IE6 in XPSP2 or Windows Server 2003)

Today we released a security update for IE, MS04-040.  This fixes a heap-based buffer overflow that allows remote execution (see CAN-2004-1050 for more details on the specifics of the issue).  Full details on the security update can be found in the security bulletin

If you are running IE6 SP1 or IE 6 I strongly suggest you go to Windows Update to get this security release. It’s nice to see the results of all the hard work we put into making XPSP2 and Windows Server 2003 more secure, since users running those platforms don’t need to get this update.

Scott