Software giant Microsoft on Tuesday released two security bulletins to fix three vulnerabilities in Internet Explorer.
The security holes in 6, 7 and 8 versions of Internet Explorer were allowing adversaries to launch drive-by malware attacks. The company deemed MS11-002 as critical. The vulnerability, if exploited, could allow remote code execution.
Microsoft advised customers to apply MS11-002 first, as the concerned vulnerability was affecting all client versions of Windows, such as XP Service Pack 3, Vista and Windows 7. The server versions of the operating system were also vulnerable, but the company downgraded the severity to `important'.
Manager of Qualys' vulnerabilities research labs, Amol Sarwate, said, "Attackers can exploit the critical vulnerability in MS11-002 by getting users to browse to a malicious Web site."
Users can download and install the newest security patches through the Microsoft Update, Windows Update services and via Windows Server Update Services.
Some bugs were left un-patched by the company. Over the last few weeks, Microsoft acknowledged that Chinese hackers were combing the Web to use serious vulnerabilities in Internet Explorer, Vista, Windows XP, Server 2003 and Server 2008 to gain access to confidential information.