Microsoft is releasing an update that addresses the most recent security vulnerability. Details in What You Should Know About Download.Ject.
On Friday, July 2, 2004, Microsoft is releasing a configuration change for Windows XP, Windows 2000, and Windows Server 2003, to address recent malicious attacks against Internet Explorer, also know as Download.Ject.
Windows customers are encouraged to apply this configuration change immediately to help be protected from current Internet Explorer exploits.
The update is currently available on the Download Center and will be made available later today on Windows Update.
Customers who have enabled automatic updates will receive the configuration change automatically. We recommend that customers immediately install this configuration change as soon as it is downloaded by automatic updates or by visiting the Windows Update site later today.
If you use an older version of Windows, you’ll need to make some manual changes using the procedures outlined in Knowledge Base article 870669 – How to disable the ADODB.Stream object from Internet Explorer.
If you’re using Service Pack 2 for Windows XP, you’ve been protected all along.
Ed Bott 