Menu
Microsoft Patch Tuesday focuses on Internet Explorer

Microsoft Patch Tuesday focuses on Internet Explorer

Microsoft issued 29 patches for its browser, including one that covers a critical vulnerability

Microsoft has issued 29 patches for its Internet Explorer browser, including one fixing a critical vulnerability that would allow a remote attacker to gain access to a computer from over the Internet.

The patches are part of Microsoft's monthly software update cycle, informally called Patch Tuesday.

Overall, Microsoft addressed 41 vulnerabilities this month, including two critical ones that could be used for remote code execution.

Administrators should first look at MS14-051, a collection of 29 patches for Internet Explorer, said Wolfgang Kandek, chief technology officer for IT security firm Qualys. These vulnerabilities range across all currently supported versions of Internet Explorer, from IE6 to IE11.

The other critical vulnerability this month, addressed by MS14-048, is found in Microsoft's OneNote note-taking software. The vulnerability is the worst kind -- a bug that would allow a malicious user to gain control of a machine.

OneNote, which is part of Office, is not as widely used as Word, Excel and PowerPoint, so Microsoft and researchers have been playing down the severity of this bug, but an organization that has this application should patch it immediately, Kandek warned.

Other products patched this month include Windows, SharePoint and SQL Server. The SQL Server patch, addressed in MS14-044, is a rarity in that patches for the database server software don't appear that often, Kandek said.

While administrators are in patching mode, they should also take a look at two sets of patches that Adobe issued Tuesday, for its Reader and Flash software.

In the past few weeks, Microsoft has taken additional measures to better secure IE. It has created blocking mechanisms to stop older, unsecured, ActiveX and Java applications from running when the browser is in Internet-mode. It provides a whitelist that organizations can use to run their legacy Web applications, however.

Microsoft also announced that, as of January 2016, it will stop supporting all but the latest versions of IE, a move to help the company better secure the browser by limiting the number of versions that are being run. Organizations that require a specific version of the browser for legal or compliance reasons can continue to run the software in a new "enterprise mode" of operation that Microsoft has added to the browser.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags Microsoftsecurityqualys

Featured

Slideshows

Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
HP re-imagines education through Auckland event launch

HP re-imagines education through Auckland event launch

HP New Zealand held an inaugural Evolve Education event at Aotea Centre in Auckland, welcoming over 70 principals, teachers and education experts to explore ways of shaping and enhancing learning using technology.

HP re-imagines education through Auckland event launch
Reseller News ICT Industry Awards 2017 - Meet the winners...

Reseller News ICT Industry Awards 2017 - Meet the winners...

Reseller News honoured the industry’s finest on a standout evening for the New Zealand channel, recognising the achievements of established and emerging partners on a memorable night in Auckland.

Reseller News ICT Industry Awards 2017 - Meet the winners...
Show Comments