Microsoft Patches 59 IE Flaws in June Patch Tuesday

Redmond on Tuesday released seven security bulletins and updates to tackle a whopping 66 vulnerabilities in its software. Two of the bulletins are rated critical and five are rated important. The good news is one patch -- MS14-035 -- fixes 59 flaws in Internet Explorer.

The big news, of course, is the IE cumulative update. Although Microsoft's June's Patch Tuesday goes well beyond IE, security researchers agree that this patch should be the top priority in June.

We caught up with Russ Ernst, Director of Product Management at security software firm Lumension, to get his take on the IE issue. He reminded us that in May IE saw plenty of activity, first with the out-of-band patch -- an issue fix released as part of May's Patch Tuesday -- and a vulnerability that was publicly disclosed by the Zero-Day Initiative (ZDI) on May 21.

"This cumulative update includes a fix for the ZDI reported vulnerability and one other publicly reported vulnerability," Ernst said. "The ZDI reported vulnerability had a limited attack surface -- impacting IE 8 only -- and since it was publicly reported, there are no known active attacks. In fact, none of the vulnerabilities in this month's release are under active attack, including these two publicly reported vulnerabilities."

Beyond the IE Jumbo Patch

Craig Young, security expert at security software firm Tripwire, told us the ZDI advisory has given attackers a head start in understanding this vulnerability, possibly reducing the time required for researchers to reverse engineer the fix and devise exploit code. But there are issues beyond IE to worry about. MS14-031 is a vulnerability in TCP (Transmission Control Protocol) that could allow denial of service in Windows Vista and newer Windows operating systems.

"In another blast from the past, Microsoft has updated the TCP stack to account for a resource exhaustion attack...
