Menu
Microsoft Patch Tuesday focuses on Internet Explorer

Microsoft Patch Tuesday focuses on Internet Explorer

Microsoft issued 29 patches for its browser, including one that covers a critical vulnerability

Microsoft has issued 29 patches for its Internet Explorer browser, including one fixing a critical vulnerability that would allow a remote attacker to gain access to a computer from over the Internet.

The patches are part of Microsoft's monthly software update cycle, informally called Patch Tuesday.

Overall, Microsoft addressed 41 vulnerabilities this month, including two critical ones that could be used for remote code execution.

Administrators should first look at MS14-051, a collection of 29 patches for Internet Explorer, said Wolfgang Kandek, chief technology officer for IT security firm Qualys. These vulnerabilities range across all currently supported versions of Internet Explorer, from IE6 to IE11.

The other critical vulnerability this month, addressed by MS14-048, is found in Microsoft's OneNote note-taking software. The vulnerability is the worst kind -- a bug that would allow a malicious user to gain control of a machine.

OneNote, which is part of Office, is not as widely used as Word, Excel and PowerPoint, so Microsoft and researchers have been playing down the severity of this bug, but an organization that has this application should patch it immediately, Kandek warned.

Other products patched this month include Windows, SharePoint and SQL Server. The SQL Server patch, addressed in MS14-044, is a rarity in that patches for the database server software don't appear that often, Kandek said.

While administrators are in patching mode, they should also take a look at two sets of patches that Adobe issued Tuesday, for its Reader and Flash software.

In the past few weeks, Microsoft has taken additional measures to better secure IE. It has created blocking mechanisms to stop older, unsecured, ActiveX and Java applications from running when the browser is in Internet-mode. It provides a whitelist that organizations can use to run their legacy Web applications, however.

Microsoft also announced that, as of January 2016, it will stop supporting all but the latest versions of IE, a move to help the company better secure the browser by limiting the number of versions that are being run. Organizations that require a specific version of the browser for legal or compliance reasons can continue to run the software in a new "enterprise mode" of operation that Microsoft has added to the browser.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Microsoftsecurityqualys

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments