It is only one of seven security bulletins issued by Microsoft for the June 2014 Patch Tuesday, but MS14-035 is by far the most urgent and critical of the bunch. This one update fixes 59 separate vulnerabilities in Internet Explorer.
Two of the flaws in Internet Explorer are already publicly disclosed–including one revealed by HP’s Zero Day Initiative (ZDI) a few weeks ago. None of the vulnerabilities is known to be actively exploited yet–but now the update is out the clock is ticking. Malware developers will reverse-engineer the patch to find the flaws and craft exploits as quickly as possible.
Check out what I wrote on PCWorld about the Microsoft Patch Tuesday:
Six down, six to go. Today is the Microsoft Patch Tuesday for June, and it comes with seven new security bulletins. The good news is that five of the seven are only rated as Important, but one of the two Critical security bulletins—the cumulative update for Internet Explorer—is huge.
In all, the seven security bulletins address a total of 66 specific vulnerabilities. The Cumulative Security Update for Internet Explorer (MS14-035) accounts for 59 of them—a record for a single Microsoft security bulletin.
Microsoft issued fixes for flaws in remote desktop, Lync Server, XML Core Services, Word, the TCP protocol, and the Microsoft Graphics Component that affect a range of products and services including versions of Windows and Office. The impact of a successful exploit ranges from denial of service, to information disclosure, to remote code execution, but the “star” of the show is Internet Explorer.
“Last month, IE saw a lot of activity, first with the out-of-band patch released on May 1, a point fix released as part of May’s Patch Tuesday, and a vulnerability that was publicly disclosed by the Zero-Day Initiative on May 21,” says Russ Ernst, director of product management for Lumension.
The cumulative update from Microsoft includes a fix for the vulnerability reported to ZDI. Thankfully, none of the vulnerabilities fixed by this update are actively under attack as far as we know. Even the two flaws that are already publicly disclosed are not facing any known active attacks…
Read the full article at PCWorld: Microsoft pushes out massive security update for Internet Explorer.
Internet Explorer still claims the vast majority of the browser market–does that include you? What is your first choice for a Web browser?
- Julie Smith Shares Identity Security Guidance for 2023 - January 19, 2023
- Mark Thomas Talks about Threat Hunting - January 5, 2023
- Malcom Harkins Talks about Ethical and Legal Obligations of the CISO - October 20, 2022