IE August 2005 Security Update is now available!

The IE August 2005 security updates are now available! This group of security updates is now available via Windows Update. Alternatively, you can receive this and all other Microsoft updates available via the new Microsoft Update. We encourage you to give MU a try.

Information about the IE Security update can be found at: MS05-038 – Cumulative Security Update for Internet Explorer (KB# 896727)

This security update package contains fixes for the following vulnerabilities:

  • JPEG Image Rendering Memory Corruption Vulnerability - CAN-2005-1988
  • Web Folder Behaviors Cross-Domain Vulnerability - CAN-2005-1989
  • COM Object Instantiation Memory Corruption Vulnerability - CAN-2005-1990

Details on the vulnerabilities and workarounds can be found at https://www.microsoft.com/technet/security/Bulletin/MS05-038.mspx.

This is a “Critical” update and affects all supported IE configurations from IE5.01 to IE6 for XPSP2 and IE6 for Server 2003 Service Pack 1. All IE security updates are cumulative and contain all previously released patches for each version of IE. In addition, these fixes were included and shipped along with Windows Vista Beta1 and IE7 Beta1.

I encourage everybody to download these security updates and other non-IE security updates via Windows Update. Windows users are also strongly encouraged to turn on automatic updates on their systems so updates are downloaded more easily.

Shortly after we released the updates this morning we found that several of the Internet Explorer updates provided only to the Download Center were corrupted, breaking the digital signature and preventing them from installing. The updates available on Microsoft Update and Windows Update are not affected and are installing properly. We've identified the problem, removed the affected updates from the Download Center and will repost them shortly to correct the issue.

- Jeremy