Patch Tuesday: Internet Explorer needs critical patches, again

Microsoft,Internet Explorer,Browser

Microsoft browser needs the most urgent patching on an otherwise light Patch Tuesday

In a very light set of monthly security bulletins, Microsoft will issue just one that it’s ranking critical and it involves Internet Explorer.

If left unpatched, the browser is subject to attacks that execute malicious code on victim machines, so getting the updates to patch it is important, says Ross Barrett, a security engineer at Rapid7. “This will be the top patching priority for this month,” he says.

In addition to the threat posed by the vulnerabilities that the patches correct, these critical browser updates will be challenging for IT organizations, says Eric Cowperthwaite, vice president of advanced security & strategy, Core Security. Installing the updates requires system restarts and the browser in all its versions is widely distributed among organizations. “We don’t yet know if there are active exploits in the wild, but there may well be. And, even if not, this appears to be something that is likely to have exploits developed in the near future,” Cowperthwaite says.

Vulnerable versions include IE 6, 7, 8, 9, 10, and 11 running on desktop Windows Vista, Windows 7 and Windows 8.1 as well as Windows Server 2003, 2008 and 2012.

The bulletin about the Internet Explorer problems is likely to include a roll-up of fixes for any number of vulnerabilities found over the past month, says Ross Barrett, a security engineer at Rapid7.

The rest of this month’s bulletins are rated important, which means that attacks against these vulnerabilities require some action on the user’s part in order to succeed. Still, one bulleting warns against vulnerabilities that could lead to escalation of privilege on compromised Windows 8 and 8.1 machines and Server 2012 and 2012 RT, says Jon Rudolph, a senior software engineer at Core Security.

A third bulletin addresses flaws in Windows Server 2003, 2008 and 2012 and Windows Vista, 7, 8, and 8.1 that could lead to DDoS attacks against the machines. The final bulletin involves Lync Server 2010 and 2013 and also addresses problems that could lead to DDoS attacks.


 

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

 

 

Click to rate this post!
[Total: 0 Average: 0]
Tagged with:     , ,

About the author /


Post your comments

Your email address will not be published. Required fields are marked *

Archives

Latest

+

Random

+
September 2014
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
2930