IE Leads Patch Tuesday Fixes

Monday, February 17, 2014 @ 11:02 AM gHale


Internet Explorer (IE) was one of the leading culprits behind last week’s Patch Tuesday fixes from Microsoft.

At first, Microsoft said it would issue five bulletins this month, though, but at the last moment on Monday, the software giant added two additional critical bulletins, covering IE and Windows.

RELATED STORIES
Exploit for Patched Flash Bug
Big Network Time Protocol DDoS
Spoofing Bug Infests Uploader Software
GitHub Hit by DDoS Attack, Again

Microsoft did not provide an explanation for the additional bulletins, other than they had finished testing them.

Last year, Microsoft had to recall at least 23 patches, due in part to incomplete testing. That may mean Microsoft is being more conservative when deciding which patches to issue.

For this month, four of the seven bulletins ended up ranked as the highest priority, critical, and the remaining were important. This month’s release of patches covers 31 vulnerabilities.

The critical bulletin covering IE, MS14-010, addresses 24 previously reported vulnerabilities, including one already known. The most severe of these vulnerabilities could allow for remote code execution that could end up triggered by a user visiting a maliciously crafted Web page.

Two other critical bulletins address flaws in the Windows operating system. One critical vulnerability lies in the VBScript Scripting Engine, covered by MS14-011. The second is in the Direct2D hardware acceleration software and ends up addressed by MS14-007. Both could lead to remote execution attacks as well.

The final critical bulletin for February, MS14-008, addresses a privately disclosed vulnerability in Microsoft Forefront Protection for Exchange. The vulnerability could end up exploited by a maliciously crafted email message sent to a Microsoft Exchange server monitored by Forefront security software.

Microsoft discontinued Forefront in 2012, though it will continue supporting the software with bug fixes through 2015, according to security firm Lumension.

The remaining important vulnerabilities cover issues found in Microsoft .Net and Microsoft Windows.



Leave a Reply

You must be logged in to post a comment.