Microsoft's latest cumulative patch for Internet Explorer fails to tackle at least one of the problems it is meant to fix, and leaves a dozen reported security bugs unpatched. That's according to postings by Danish security researcher Thor Larholm and GreyMagic Software to security mailing list BugTraq, which point to a number of shortcomings with the patch. In its advisory, Microsoft refers to the most serious of the six bugs as a "cross-site scripting vulnerability in a Local HTML Resource".

But security watchers say the problem is worse: Full story at The Register .