Microsoft issued six new security bulletins for the July 2014 Patch Tuesday. One of them is a Critical update for Internet Explorer that fixes 24 separate vulnerabilities. For those keeping score, that makes 83 flaws fixed in Microsoft’s Web browser in just the past few weeks.
That certainly doesn’t sound like a good thing. The glass-half-full-silver-lining perspective on this, however, would be that Microsoft and other security researchers appear to be finding and fixing a lot of Internet Explorer vulnerabilities–so now there are 83 fewer ways to compromise IE.
Russ Ernst, director of product management for Lumension, provides more details about Internet Explorer update. “Of the 29 total CVEs patched this round, 24 of them are for IE in MS14-037. The cumulative update addresses 23 RCEs and 1 security feature bypass, CVE 2014-2783, that is an extended validation SSL issue publicly known but not currently under active attack. By default, IE honors extended validation certificates that have wild cards – the patch will disable that.”
For more about the IE patch, and the other five security bulletins Microsoft released today, check out the article I wrote for PCWorld: Internet Explorer is still the star of Patch Tuesday.