Microsoft addresses critical IE vulnerabilities for Patch Tuesday

For this month's Patch Tuesday, Microsoft covers 24 vulnerabilities found in Internet Explorer

Administrators hoping to slack off a bit for this month's Microsoft Patch Tuesday will have no opportunity to do so. At the last minute, Microsoft added a slew of Internet Explorer (IE) fixes to its monthly release of software patches, including one patch that fixes a publicly known vulnerability.

"If there were some people who were counting on a quiet Patch Tuesday, it turned out not to be the case," said Wolfgang Kandek, chief technology officer of IT security firm Qualys. "We have to do quite a bit more work to get everything tested and in place."

Originally, Microsoft announced last week that it would issue five bulletins this month, though, on Monday, it added two additional critical bulletins, covering IE and Windows.

Microsoft did not provide an explanation for the additional bulletins, beyond the fact that the company had finished testing them.

Last year, Microsoft had to recall at least 23 patches, due in part to incomplete testing. This month's late inclusions may be a sign that Microsoft is being more conservative when deciding which patches to issue. Only when these patches were completed were they added to the monthly patch release.

"In the end, you want that update to install smoothly for everybody," Kandek said. "You want to make sure you get as little breakage as possible."

For this month, four of the seven bulletins are ranked as critical -- the highest priority -- and the remaining were deemed important. In total, this month's release of patches covers 31 vulnerabilities.

The critical bulletin covering IE, MS14-010, addresses 24 previously reported vulnerabilities, including one that is already publicly known. The most severe of these vulnerabilities could allow for remote code execution that could be triggered by a user visiting a maliciously crafted Web page.

Two other critical bulletins address flaws in the Windows operating system. One critical vulnerability lies in the VBScript Scripting Engine, covered by MS14-011. The second is found in the Direct2D hardware acceleration software and is addressed by MS14-007. Both could lead to remote execution attacks as well.

The final critical bulletin for February, MS14-008, addresses a privately disclosed vulnerability in Microsoft Forefront Protection for Exchange. The vulnerability could be exploited by a maliciously crafted email message sent to a Microsoft Exchange server monitored by Forefront security software.

Microsoft discontinued Forefront in 2012, though it will continue supporting the software with bug fixes through 2015, according to security firm Lumension.

The remaining important vulnerabilities cover issues found in Microsoft .Net and Microsoft Windows.

Kandek also urged administrators to apply Adobe's emergency patch for Flash, which was issued last week.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags patchesMicrosoftsecurityExploits / vulnerabilities

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Joab Jackson

IDG News Service
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?