New M$ IE cumulative patch MS04-004
M$ just issued a new IE cumulative patch that fixes a bunch of nasty vulnerabilities, some of which were previously discovered and released to the public quite a while ago.
Some highlights of patch:
- Overall severity deemed _Critical_
- Basic Authentication feature functionality change!!! Involves parsing of URLs with special characters: this is the "[email protected]" vulnerability where you only see www.paypal.com show up (in this example). M$ is FINALLY removing this _feature_ -kudos to them! This update removes handling of user names and passwords in HTTP and HTTPS
- Cross-domain security model vulnerability resulting in execution of script in Local Machine zone
- Drag and drop operation during dynamic HTML events allowing a file to be saved in a target location on the user's system
Link to M$ bulletin MS04-004 http://www.microsoft.com/technet/sec...n/MS04-004.asp
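
Added illustration, not part of the original post or of Microsoft's bulletin: a Python check that a mail or proxy filter could run to flag HTTP(S) links carrying a user name before the real host, which is the URL form the post describes. The sample links, the `example.net` host and the function names are constructed for this example.

```python
from urllib.parse import urlsplit

# Constructed sample links; example.net stands in for the host actually contacted.
SAMPLE_LINKS = [
    "http://www.paypal.com@example.net/login",
    "https://www.paypal.com:secret@example.net/",
    "http://www.paypal.com%20@example.net/",
    "https://www.paypal.com/signin",
    "ftp://user:pw@ftp.example.org/pub",
]


def inspect_link(url):
    """Return a finding for an HTTP(S) URL that has a userinfo part, else None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None  # the update only changes HTTP and HTTPS handling
    if "@" not in parts.netloc:
        return None
    # Everything before the last "@" is userinfo; the host comes after it.
    userinfo = parts.netloc.rpartition("@")[0]
    username = userinfo.split(":", 1)[0]
    return {
        "url": url,
        "real_host": parts.hostname,             # where the request really goes
        "decoy": username,                       # what the reader is meant to notice
        "decoy_looks_like_host": "." in username,
        "has_encoded_chars": "%" in userinfo,    # percent-escapes inside userinfo
    }


def scan(links):
    """Return findings for every link that carries userinfo."""
    return [f for f in map(inspect_link, links) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LINKS):
        print(f"{finding['url']}\n  shows: {finding['decoy']}"
              f"  connects to: {finding['real_host']}")
```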