Patch Tuesday brings more IE fixes

 

Microsoft Corp.’s monthly Patch Tuesday arrived with a familiar gift: More fixes for Internet Explorer.

As IDG News reports, fixes for IE dominated the 19 critical vulnerabilities patched last month, and this month there’s more of the same.

It’s not that the browser is inherently leaky, say industry analysts. It’s just that as the most popular browser it’s the one hackers go after first.

Eight security bulletins were released by Microsoft on Tuesday, which will host a Webcast today at 11 a.m. Pacific/2 p.m. Eastern to answer customer questions.

One of the updates resolves 11 privately reported vulnerabilities, the most severe of which could allow a remote code execution if a user views a specially crafted web page in IE, Microsoft said.

Another resolves three publicly disclosed vulnerabilities in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. The vulnerabilities could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA).

The transcoding service uses the credentials of the LocalService account. The Data Loss Prevention feature hosts code that could allow remote code execution in the security context of the Filtering Management service if a specially crafted message is received by the Exchange server. The Filtering Management service in Exchange uses the credentials of the LocalService account. The LocalService account has minimum privileges on the local system and presents anonymous credentials on the network.

The apparent never end to software vulnerabilities is frustrating to a number of security experts, and what makes some of them even more concerned is the inability of consumers to realize the importance of patching their personal computers.

IT departments look after the PCs of organizations, but as the article points out, experts are frustrated why IE isn’t regularly patched because Microsoft makes it easy. This is becoming even more important in an era of BYOD where staff is responsible for installing updates — although some enterprise security software will push certain updates when approved devices connect to the network.

To check if your version of IE is safe, open the browser (which you’ve done already otherwise you wouldn’t be reading this), click on Help and then About Internet Explorer. Make sure you’ve got version 10, and also make sure Install New Versions Automatically is checked.

Finally, if you haven’t set Windows to automatically download updates (you do it through Control Panel or access Windows Update from the Start menu) get into the habit of checking Windows Update on the second Tuesday of every month.

To read the IDG story click here



Related Download
Addressing Advanced Email Threats: Protect Your Data and Brand Sponsor: Cisco
Addressing Advanced Email Threats: Protect Your Data and Brand
Email has evolved from a tool used primarily by technical and research professionals to become the backbone of corporate communications.
Register Now