Patch Tuesday for Internet Explorer

Thursday, July 10, 2014 @ 03:07 PM gHale


Microsoft released a critical fix for vulnerabilities in its Internet Explorer web browser, as a part of its latest monthly Patch Tuesday update.

The Internet Explorer (IE) update is one of two critical updates this month and could end up used by hackers to mount remote code-execution attacks.

RELATED STORIES
IE Script Engine at Risk for Attacks
Big Patch Tuesday for Microsoft
Another IE Zero Day
Extreme Risk: SMBs Still Using XP

While the vulnerabilities are not to be trifled with, at least they are not Zero Days, so the potential use to hackers is limited.

The second critical bulletin relates to Microsoft’s now ancient Windows XP Tablet Edition, and its Windows Journal note-taking application. The vulnerability looks as though it is unlikely hackers will bother creating exploits to target it, although a patch should still end up installed.

The July Patch Tuesday release also includes three “important” updates plugging flaws in Windows On-Screen keyboard, afd.sys driver and DirectShow service. All three could end up used by hackers to provide local escalation of privileges.

There is also a fix for a “moderate” flaw in Windows Service Bus that could end up exploited to mount a denial-of-service attack.

Internet Explorer flaws have been an ongoing issue for Microsoft. By comparison, the company issued 59 IE fixes as part of its June Patch Tuesday update.



Leave a Reply

You must be logged in to post a comment.