Internet Explorer zero-day highlights Microsoft May patch release

14 May 2013

Users and administrators are being advised to update their systems following the release of Microsoft's monthly security update.

The May edition of Patch Tuesday includes critical fixes for a zero-day vulnerability in Internet Explorer (IE) along with one other patch rated by the company as a critical security risk. If exploited, the flaws could allow an attacker to remotely execute code on a targeted system.

Microsoft has listed the critical patches as a top deployment priority, a sentiment shared by security experts following the release.

Marc Maiffret, chief technology officer for BeyondTrust, told V3 that the scope of the flaws, which impacted every currently supported version of both IE and Windows, along with the zero-day status, makes the deployments an important fix for all users.

Maiffret noted that while an alternative browser such as Chrome or Firefox could mitigate some of the risk, users should still keep their systems patched in case IE is still set as the default application for some files and applications.

"We have a lot of customers that do run Chrome," he said. "The thing you want to make sure of is that you don't just have Chrome installed alongside but make sure it is the default browser, and not just the browser on the desktop."

Other security issues addressed in the update include eight bulletins rated by Microsoft as 'important' security risks. The flaws include remote code execution, as well as a denial of service flaw and another elevation of privilege flaw, which could prove to be bigger issues for some customers.

Maiffret said that for administrators of Windows Server 2012 systems, a flaw in the HTTP.sys component could be targeted to perform denial of service attacks, possibly crippling a system and preventing user access for the duration of the attack. The fix has been classified as a top deployment priority for Server 2012.

Similarly, a flaw in Windows XP could be exploited in conjunction with other attacks. Maiffret, who does not recommend running the dated platform in a business setting due to security concerns, explained that an attacker could potentially target one of the Internet Explorer flaws to access a system with local user clearance and then target the elevation of privilege flaw to gain total control over the system and potentially wreak further havoc.

Shaun Nichols
About

Shaun Nichols is the US correspondent for V3.co.uk. He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.
