IE December 2005 Security Update is now available!

The IE December 2005 security updates are now available! This group of security updates is now available via Windows Update. Alternatively, you can receive this and all other Microsoft updates available via the new Microsoft Update. I would encourage you to upgrade to Microsoft Update if you haven’t already.

Information about the IE Security update can be found at: MS05-054 – Cumulative Security Update for Internet Explorer (KB# 905915)

This security update package contains fixes for the following vulnerabilities:

  • File Download Dialog Box Manipulation Vulnerability - CAN-2005-2829
  • HTTPS Proxy Vulnerability - CAN-2005-2830
  • COM Object Instantiation Memory Corruption Vulnerability - CAN-2005-2831
  • Mismatched Document Object Model Objects Memory Corruption Vulnerability - CAN-2005-1790

Details on the vulnerabilities and workarounds can be found at https://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx.

This is a “Critical” update and affects all supported IE configurations from IE5.01 to IE6 for XPSP2 and IE6 for Server 2003 Service Pack 1. All IE security updates are cumulative and contain all previously released patches for each version of IE. Security Updates for IE7 Beta 1 users on XPSP2 and Vista Beta1 are not available today, but will be available on BetaPlace within the next week.

I encourage everybody to download these security updates and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to turn on automatic updates for their systems to download updates more easily.

 - Charles Watanabe