Eight security bulletins were released by Microsoft, including one update that resolves 11 privately reported vulnerabilities in Internet Explorer
Microsoft Corp.’s monthly Patch Tuesday arrived with a familiar gift: More fixes for Internet Explorer.
As IDG News reports, fixes for IE dominated the 19 critical vulnerabilities patched last month, and this month there’s more of the same.
It’s not that the browser is inherently leaky, say industry analysts. It’s just that as the most popular browser it’s the one hackers go after first.
Eight security bulletins were released by Microsoft on Tuesday, which will host a Webcast today at 11 a.m. Pacific/2 p.m. Eastern to answer customer questions.
One of the updates resolves 11 privately reported vulnerabilities, the most severe of which could allow a remote code execution if a user views a specially crafted web page in IE, Microsoft said.
Another resolves three publicly disclosed vulnerabilities in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. The vulnerabilities could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA).
The transcoding service uses the credentials of the LocalService account. The Data Loss Prevention feature hosts code that could allow remote code execution in the security context of the Filtering Management service if a specially crafted message is received by the Exchange server. The Filtering Management service in Exchange uses the credentials of the LocalService account. The LocalService account has minimum privileges on the local system and presents anonymous credentials on the network.
IT departments look after the PCs of organizations, but as the article points out, experts are frustrated why IE isn’t regularly patched because Microsoft makes it easy. This is becoming even more important in an era of BYOD where staff is responsible for installing updates — although some enterprise security software will push certain updates when approved devices connect to the network.
To check if your version of IE is safe, open the browser (which you’ve done already otherwise you wouldn’t be reading this), click on Help and then About Internet Explorer. Make sure you’ve got version 10, and also make sure Install New Versions Automatically is checked.
Finally, if you haven’t set Windows to automatically download updates (you do it through Control Panel or access Windows Update from the Start menu) get into the habit of checking Windows Update on the second Tuesday of every month.