Microsoft withholds monster IE update from Windows 8.1 dawdlers

Microsoft withholds monster IE update from Windows 8.1 dawdlers

Renounces Windows 8.1's patch privileges unless it has been migrated to April's Update

Microsoft refused to give Windows 8.1 customers a second reprieve, requiring most to have upgraded their devices to April's Windows 8.1 Update before the firm's Windows Update would serve up a mammoth patch slate today.

Tuesday's collection of seven different "bulletins" - Microsoft's label for its security updates -- included one for Internet Explorer (IE) that contained fixes for a record 59 separate vulnerabilities.

The previous single-bulletin mark was MS11-034, which patched 30 vulnerabilities in April 2011.

Microsoft got a bit defensive about the large number of CVEs on today's slate. "Does a vulnerability make a sound if it never gets exploited?" asked Dustin Childs, a group manager on the Microsoft Security Response Center's blog Tuesday after recounting the total flaws fixed. "When we become aware of a potential security issue, we work to fix it regardless of whether or not it is under active attack. In other words, it doesn't matter if that falling tree makes a noise; we still have an action to take."

To receive the MS14-035 IE update and others released today, consumers and small businesses or organizations -- anyone using Windows Update to obtain patches -- that have devices running October 2012's Windows 8.1 must have applied Windows 8.1 Update (Win8.1U).

Microsoft issued Win8.1U in early April.

Larger customers, enterprises primarily, that rely on WSUS (Windows Server Update Services), Windows Intune or System Center Configuration Manager to obtain and deploy patches, have until August 12 to migrate from Windows 8.1 to Win8.1U.

Initially, Microsoft gave everyone just five weeks to put Windows 8.1 Update in place or face a no-patch future. But it quickly backed off under pressure from corporate customers, and gave them the three-month extension. At the time, Microsoft retained the May 13 deadline for all others.

But just 24 hours before the cutoff, the consumer deadline was extended to June 10.

Today's MS14-035 included 59 individual CVEs (Common Vulnerabilities and Exposures), the individual identifiers for security bugs that are logged into a central database maintained by Mitre with funding from the U.S. Department of Homeland Security.

Of the 59 total CVEs in MS14-035, 21 were applicable to Internet Explorer 8 (IE8), not only the most-used of Microsoft's browsers, but also the newest that runs on the still-defiant Windows XP. The corporate combination of Windows XP- and Windows 7-powered PCs -- businesses shunned the interim Windows Vista and have largely done the same to Windows 8 -- was a major factor in businesses worldwide standardizing on IE8; it was the latest that ran on both operating systems.

Today, Microsoft again urged customers to yank IE8 from Windows 7 in favor of the newest iteration, IE11, which was released alongside Windows 8.1 last October, and for Windows 7 in November. On Microsoft's IE blog, Fred Pullin, a senior product marketing manager, repeated the firm's contention that IE11 is more secure and that its Enterprise Mode, a new compatibility feature that mimics IE8 for legacy websites and Web apps, is a suitable replacement for the real deal.

IE11, however, received 47 patches, more than twice as many as IE8, a number that some will certainly cite to question Pullin's advice that, "If you are using an older browser, upgrade to the latest version and enable automatic updates for more secure browsing."

Windows 8.1 Update can be downloaded and installed on current Windows 8.1 PCs using Windows Update. Win8.1U will appear as an "Important" update and will be labeled as "KB 2919355."

After Win8.1U has been successfully installed, users can manually re-run Windows Update to retrieve today's seven bulletins, including MS14-035.

Ironically, laggards who have remained on Windows 8, the October 2012 original, have until Jan. 12, 2016 to migrate to Windows 8.1 Update before losing their patch privileges.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is

See more by Gregg Keizer on

Read more about malware and vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags MicrosoftWindowssoftwareMalware and Vulnerabilitiesoperating systems



Reseller News launches inaugural Hall of Fame lunch

Reseller News launches inaugural Hall of Fame lunch

Reseller News welcomed 2015 and 2016 inductees - Darryl Swann, Dave Rosenberg, Gary Bigwood, Keith Watson, Mike Hill and Scott Green - to the inaugural Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed how the channel can collectively work together to benefit New Zealand, the Kiwi skills shortage and the future of the industry. Photos by Maria Stefina.

Reseller News launches inaugural Hall of Fame lunch
Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Show Comments