{"id":5710,"date":"2014-06-10T17:30:23","date_gmt":"2014-06-10T21:30:23","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=5710"},"modified":"2014-06-10T17:30:23","modified_gmt":"2014-06-10T21:30:23","slug":"microsoft-pushes-out-massive-security-update-for-internet-explorer","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/06\/10\/microsoft-pushes-out-massive-security-update-for-internet-explorer\/","title":{"rendered":"Microsoft pushes out massive security update for Internet Explorer"},"content":{"rendered":"

\"\"<\/a><\/p>\n

Microsoft pushes out massive security update for Internet Explorer<\/p>\n

Six down, six to go. Today is the Microsoft Patch Tuesday for June, and it comes with seven new security bulletins. The good news is that five of the seven are only rated as Important, but one of the two Critical security bulletins\u2014the cumulative update for Internet Explorer\u2014is huge.<\/p>\n

In all, the seven security bulletins address a total of 66 specific vulnerabilities. The Cumulative Security Update for Internet Explorer (MS14-035) accounts for 59 of them\u2014a record for a single Microsoft security bulletin.<\/p>\n

Microsoft issued fixes for flaws in remote desktop, Lync Server, XML Core Services, Word, the TCP protocol, and the Microsoft Graphics Component that affect a range of products and services including versions of Windows and Office. The impact of a successful exploit ranges from denial of service, to information disclosure, to remote code execution, but the \u201cstar\u201d of the show is Internet Explorer.<\/p>\n

\u201cLast month, IE saw a lot of activity, first with the out-of-band patch released on May 1, a point fix released as part of May\u2019s Patch Tuesday, and a vulnerability that was publicly disclosed by the Zero-Day Initiative on May 21,\u201d says Russ Ernst, director of product management for Lumension.<\/p>\n

The cumulative update from Microsoft includes a fix for the vulnerability reported to ZDI. Thankfully, none of the vulnerabilities fixed by this update are actively under attack as far as we know. Even the two flaws that are already publicly disclosed are not facing any known active attacks.<\/p>\n

That said, with 59 separate vulnerabilities in the most widely-used browser, it is an absolute certainty that malware developers will be working diligently to reverse-engineer the patches and craft exploits to target those flaws. It is absolutely imperative that you apply the patch for MS14-035 as soon as possible.<\/p>\n

The other Critical security bulletin this month\u2014MS14-036\u2014addresses a couple vulnerabilities in Microsoft Graphics component that could enable remote code execution if successfully exploited. The list of affected applications is extensive, including all versions of Windows and Office.<\/p>\n

Tyler Reguly, manager of security research for Tripwire, stresses that upgrading to more current operating systems and applications has perks from a security perspective. \u201cMS14-034, which affects only Office 2007, is a reminder that Microsoft’s Security Development Lifecycle really does work,” he says. “It would be nice to see them shorten their support Windows, forcing consumers and enterprises to upgrade more frequently. This would remove older, more vulnerable software from the picture.\u201d<\/p>\n

Review the security bulletins from Microsoft and figure out which ones apply to you. I recommend you install all applicable updates to fix vulnerabilities before malware developers figure out how to exploit them. Start with the two Critical updates\u2014MS14-035 and MS14-036\u2014but then move as quickly as possible to implement the rest of the updates as well.<\/p>\n

via Microsoft pushes out massive security update for Internet Explorer | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Microsoft pushes out massive security update for Internet Explorer Six down, six to go. Today is the Microsoft Patch Tuesday […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[5,7,11],"tags":[536,680,800],"class_list":["post-5710","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security","category-windows","tag-internet-explorer","tag-microsoft-2","tag-patches"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1u6","jetpack-related-posts":[{"id":3141,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/08\/microsoft-to-release-three-critical-security-bulletins-tuesday-neowin\/","url_meta":{"origin":5710,"position":0},"title":"Microsoft to release three critical security bulletins Tuesday","author":"NCCT","date":"August 8, 2013","format":false,"excerpt":"In July, Microsoft released six critical security bulletins, out of a total of seven, for its software as part of its regular monthly Patch Tuesday event. For August, Microsoft will release a total of eight security bulletins but just three of them are considered critical. Microsoft's summary of this month's\u2026","rel":"","context":"In "Microsoft"","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6231,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/11\/microsoft-to-issue-many-windows-patches\/","url_meta":{"origin":5710,"position":1},"title":"Microsoft to issue many Windows patches","author":"NCCT","date":"August 11, 2014","format":false,"excerpt":"Microsoft has released their advance notification for the August 2014 Patch Tuesday updates. There will be a total of nine updates issued next Tuesday, August 12, two of them rated critical. The two critical bugs affect Windows and Internet Explorer. The critical Windows update affects only business and professional editions\u2026","rel":"","context":"In "Microsoft"","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6254,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/20\/internet-explorer-running-slow-dialog-boxes-could-be-at-fault\/","url_meta":{"origin":5710,"position":2},"title":"Internet Explorer running slow? Dialog boxes could be at fault","author":"NCCT","date":"August 20, 2014","format":false,"excerpt":"If you\u2019ve noticed Internet Explorer running slowly lately\u2014or just halting altogether\u2014here\u2019s one possible cause: dialog boxes. On Friday, the same day that Microsoft recommended users download the latest updates for Windows 7 and 8, Microsoft issued a hotfix for Internet Explorer. According to a support article issued Friday, \"web applications\u2026","rel":"","context":"In "Microsoft"","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6247,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/19\/microsoft-pulls-its-august-windows-update-after-users-report-crashes\/","url_meta":{"origin":5710,"position":3},"title":"Microsoft pulls its August Windows update after users report crashes","author":"NCCT","date":"August 19, 2014","format":false,"excerpt":"Microsoft has pulled its August Update for Windows after users reported crashes and issues restarting their systems. The company is currently recommending users uninstall the update. Microsoft said that it discovered issues relating to four individual updates associated with the August Update: 2982791, 2970228, 2975719, and 297533. The updates addressed\u2026","rel":"","context":"In "Microsoft"","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2941,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/07\/16\/ie10-captures-second-place-among-microsofts-browsers\/","url_meta":{"origin":5710,"position":4},"title":"IE10 captures second place among Microsoft's browsers","author":"NCCT","date":"July 16, 2013","format":false,"excerpt":"Internet Explorer 10 (IE10) jumped into second place among Microsoft's browsers last month, pushing past IE9 through an enforced upgrade. IE10's user share climbed from 16.5 percent to a record 24 percent of all copies of Internet Explorer in June, according to Web measurement firm Net Applications. Among Microsoft's five\u2026","rel":"","context":"In "Microsoft"","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5780,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/06\/17\/preview-cutting-edge-internet-explorer-features-early-with-new-test-build-browser\/","url_meta":{"origin":5710,"position":5},"title":"Preview cutting-edge Internet Explorer features early with new test build browser","author":"NCCT","date":"June 17, 2014","format":false,"excerpt":"Developers can try out new features of the next version of Internet Explorer using a test edition Microsoft has released for their use. The Internet Explorer Developer Channel, which can be downloaded for Windows 8.1 and Windows 7 SP1, runs independently of the user\u2019s copy of IE, allowing programmers to\u2026","rel":"","context":"In "Microsoft"","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/5710","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=5710"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/5710\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=5710"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=5710"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=5710"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}