Microsoft late Tuesday confirmed that its “critical” Internet Explorer patches had to be pulled after a hiccup caused some of the downloads to be corrupted.
The glitch was detected by users attempting to install the IE patch from the Microsoft Download center.
“Shortly after we released the updates this morning we found that several of the Internet Explorer updates provided only to the Download Center were corrupted, breaking the digital signature and preventing them from installing,” a post on the official Internet Explorer Weblog said.
The patches posted on Microsoft Update and Windows Update were not affected by the glitch and are installing properly.
“Weve identified the problem, removed the affected updates from the Download Center, and will repost them shortly to correct the issue,” said Jeremy Mazner, technical evangelist for Windows Vista and IE.
The cumulative IE update was part of the August release of six security bulletins from the software maker to cover eight vulnerabilities in the Windows operating system. The IE bulletin carries a “critical” rating and delivers patches for three separate remote code execution flaws in the worlds most widely used browser.
The most serious of the three is a flaw in the way IE handles JPEG images. An attacker could exploit the vulnerability by creating a malicious JPEG image and luring a Web surfer to view the image. “An attacker who successfully exploited this vulnerability could take complete control of an affected system,” the company said, adding that the malicious image could also be distributed via e-mail.
The bulletin also includes patches for a cross-domain flaw in IE that could lead to system takeover and information disclosure attacks.
A third remote code execution bug was found in the way the browser instantiates COM Objects that are not intended to be used in Internet Explorer. This flaw could also be exploited by an attacker to take “complete control” of an unpatched system, Microsoft Corp. warned.
