Menu
Microsoft fixes buggy browser in Patch Tuesday update

Microsoft fixes buggy browser in Patch Tuesday update

Internet Explorer got 24 fixes in this month's Patch Tuesday, including 20 that cover critical vulnerabilities

Security research firm Qualys has found that,. on average, Microsoft fixes about 20 vulnerabilities in the Internet Explorer browser

Security research firm Qualys has found that,. on average, Microsoft fixes about 20 vulnerabilities in the Internet Explorer browser

Internet Explorer, always heavily scrutinized by both security researchers and online attackers, has once again gotten the majority of patches in this month's Microsoft's Patch Tuesday round of monthly bug fixes.

For June, Microsoft issued 8 bulletins, which collectively contain 45 patches. The bulletin for IE alone MS15-06 contains 24 patches, including 20 that cover critical flaws, meaning they should be applied as quickly as possible.

Other bulletins cover faults in the Windows operating system, the Office suite, Windows Media Player, Active Directory, and the Exchange Server.

On average, Microsoft issues about 20 patches a month for IE, noted Wolfgang Kandek chief technology officer for IT security firm Qualys.

IE is probably not significantly any more buggy than any other piece of complex software, Kandek said, but it gets the lion's share of scrutiny from both security researchers and malicious hackers alike, given that it connects users to the online world.

It will be interesting to track how many flaws Microsoft's new Edge browser will generate each month, once this IE replacement is released with Windows 10 later this year, Kandek said.

On the one hand, new software almost always has more bugs than software that has been tested and refined over time. But Microsoft may have also implemented more security conscious development practices in the 20 years since IE was first built.

This month's fixes for Windows Media Player, MS15-060, were also designated as critical.

These flaws would allow an attacker to gain entry to a user's system if the user clicks on a Web link that the media software would open automatically, such as streaming music or a video file, said Amol Sarwate, Qualys director of engineering.

Enterprises administrators should immediately tend to MS15-059, a collection of fixes for Microsoft Office, Sarwate advised. This bulletin addresses a series of vulnerabilities found in Office 2007, Office 2010, and Office 2013 that allow an attacker to gain control of a computer by tricking the user into opening a maliciously crafted Office document.

One curious aspect to this month's round of security bulletins is how one bulletin appears to have not been issued. Typically Microsoft numbers bulletins in sequential order. This month, it issued MS15-056 and MS15-057, as well as MS15-059 and MS15-060, but not a MS15-058 bulletin.

This bulletin could have been pulled due to a failure found in last-minute testing, Kandek speculated. This would not be surprising given that some previous Microsoft patches have caused operational issues with customers.

Administrators should also take look at a set of critical patches that Adobe has issued for its Flash player, Kandek advised.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Microsoftpatch managementpatchesExploits / vulnerabilities

Events

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments