Menu
Microsoft Patch Tuesday focuses on Internet Explorer

Microsoft Patch Tuesday focuses on Internet Explorer

Microsoft issued 29 patches for its browser, including one that covers a critical vulnerability

Microsoft has issued 29 patches for its Internet Explorer browser, including one fixing a critical vulnerability that would allow a remote attacker to gain access to a computer from over the Internet.

The patches are part of Microsoft's monthly software update cycle, informally called Patch Tuesday.

Overall, Microsoft addressed 41 vulnerabilities this month, including two critical ones that could be used for remote code execution.

Administrators should first look at MS14-051, a collection of 29 patches for Internet Explorer, said Wolfgang Kandek, chief technology officer for IT security firm Qualys. These vulnerabilities range across all currently supported versions of Internet Explorer, from IE6 to IE11.

The other critical vulnerability this month, addressed by MS14-048, is found in Microsoft's OneNote note-taking software. The vulnerability is the worst kind -- a bug that would allow a malicious user to gain control of a machine.

OneNote, which is part of Office, is not as widely used as Word, Excel and PowerPoint, so Microsoft and researchers have been playing down the severity of this bug, but an organization that has this application should patch it immediately, Kandek warned.

Other products patched this month include Windows, SharePoint and SQL Server. The SQL Server patch, addressed in MS14-044, is a rarity in that patches for the database server software don't appear that often, Kandek said.

While administrators are in patching mode, they should also take a look at two sets of patches that Adobe issued Tuesday, for its Reader and Flash software.

In the past few weeks, Microsoft has taken additional measures to better secure IE. It has created blocking mechanisms to stop older, unsecured, ActiveX and Java applications from running when the browser is in Internet-mode. It provides a whitelist that organizations can use to run their legacy Web applications, however.

Microsoft also announced that, as of January 2016, it will stop supporting all but the latest versions of IE, a move to help the company better secure the browser by limiting the number of versions that are being run. Organizations that require a specific version of the browser for legal or compliance reasons can continue to run the software in a new "enterprise mode" of operation that Microsoft has added to the browser.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Microsoftsecurityqualys

Slideshows

Meet the leading HP partners in New Zealand...

Meet the leading HP partners in New Zealand...

HP has recognised its top performing partners in New Zealand at the second annual 2016 HP Partner Awards, held at a glittering bash in Auckland. The HP Partner Awards recognises and celebrates excellence, growth, consistency and engagement of its top partners. This year also saw the addition of several new categories, resulting in 11 companies winning across 11 award categories.

Meet the leading HP partners in New Zealand...
Channel comes together as Ingram Micro Showcase hits Auckland

Channel comes together as Ingram Micro Showcase hits Auckland

Ingram Micro outlined its core focuses for 2017 at Showcase in Auckland, bringing together the channel for a day of engaging keynotes, compelling breakout sessions and new technologies.

Channel comes together as Ingram Micro Showcase hits Auckland
Show Comments