Week in Security: Internet Explorer Patch, New Alliances

• Microsoft issued a patch for six new vulnerabilities in Internet Explorer that it rated as critical. The most serious flaw could allow an attacker to run arbitrary code. The vulnerabilities affect Internet Explorer 5.01, 5.5 and 6.0. Microsoft's cumulative patch is available at www.microsoft.com/security/default.asp.

• RSA Security and Sun Microsystems unveiled a joint sales, engineering and marketing agreement under which they will work to provide interoperability between RSA ClearTrust Web access management and Keon digital certificate management software and the Sun ONE Directory Server and Portal Server.

• Alcatel, Calabasas, Calif., added VPN capabilities to its OmniAccess 500 series of branch office products. The addition allows mobile users to securely access enterprise resources over the Internet. The OmniAccess 500 series combines in one appliance all IP communications for LAN switching, WAN routing, voice over IP, firewall and VPN security. The version with VPN capabilities is slated to be available in June. Pricing starts at $4,285.

• Rainfinity, San Jose, Calif., and Celestix Networks, Fremont, Calif., revealed a partnership under which Celestix will bundle Rainfinity's OPSEC-certified high-availability software, RainWall, with its Taurus One VPN/security appliance. Pricing for Taurus One with RainWall starts at $2,499. Through the end of May, Celestix is offering two Taurus Ones for the price of one.

• Application Security, New York, announced the availability of AppDetective for Sybase, an application security scanner that performs network-based penetration tests and vulnerability assessments.