Patch Tuesday brings more IE fixes

 

Microsoft Corp.’s monthly Patch Tuesday arrived with a familiar gift: More fixes for Internet Explorer.

As IDG News reports, fixes for IE dominated the 19 critical vulnerabilities patched last month, and this month there’s more of the same.

It’s not that the browser is inherently leaky, say industry analysts. It’s just that as the most popular browser it’s the one hackers go after first.

Eight security bulletins were released by Microsoft on Tuesday, which will host a Webcast today at 11 a.m. Pacific/2 p.m. Eastern to answer customer questions.

One of the updates resolves 11 privately reported vulnerabilities, the most severe of which could allow a remote code execution if a user views a specially crafted web page in IE, Microsoft said.

Another resolves three publicly disclosed vulnerabilities in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. The vulnerabilities could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA).

The transcoding service uses the credentials of the LocalService account. The Data Loss Prevention feature hosts code that could allow remote code execution in the security context of the Filtering Management service if a specially crafted message is received by the Exchange server. The Filtering Management service in Exchange uses the credentials of the LocalService account. The LocalService account has minimum privileges on the local system and presents anonymous credentials on the network.

The apparent never end to software vulnerabilities is frustrating to a number of security experts, and what makes some of them even more concerned is the inability of consumers to realize the importance of patching their personal computers.

IT departments look after the PCs of organizations, but as the article points out, experts are frustrated why IE isn’t regularly patched because Microsoft makes it easy. This is becoming even more important in an era of BYOD where staff is responsible for installing updates — although some enterprise security software will push certain updates when approved devices connect to the network.

To check if your version of IE is safe, open the browser (which you’ve done already otherwise you wouldn’t be reading this), click on Help and then About Internet Explorer. Make sure you’ve got version 10, and also make sure Install New Versions Automatically is checked.

Finally, if you haven’t set Windows to automatically download updates (you do it through Control Panel or access Windows Update from the Start menu) get into the habit of checking Windows Update on the second Tuesday of every month.

To read the IDG story click here

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now