I post this because sometimes it is easy to overlook path re-releases, especially when they are off schedule. According to a Microsoft spokesperson, the original patch itself is not flawed, it just fails to correctly set the kill bit for the Microsoft XML Parser 2.6.

The kill bit is a registry setting that prevents Internet Explorer from creating the object in the browser. This is a defense-in-depth measure that reduces exposure to any future exploits of this object.

The update only affects the Windows 2000 version of the path, other operating systems are not affected.

Related posts

• No related posts.