
Internet Explorer zero-day highlights Microsoft May patch release

14 May 2013

Users and administrators are being advised to update their systems following the release of Microsoft's monthly security update.

The May edition of Patch Tuesday includes critical fixes for a zero-day vulnerability in Internet Explorer (IE) along with one other patch rated by the company as a critical security risk. If exploited, the flaws could allow an attacker to remotely execute code on a targeted system.

Microsoft has listed the critical patches as a top deployment priority, a sentiment shared by security experts following the release.

Marc Maiffret, chief technology officer for BeyondTrust, told V3 that the scope of the flaws, which impacted every currently supported version of both IE and Windows, along with the zero-day status, makes the deployments an important fix for all users.

Maiffret noted that while an alternative browser such as Chrome or Firefox could mitigate some of the risk, users should still keep their systems patched in case IE is still set as the default application for some files and applications.

"We have a lot of customers that do run Chrome," he said. "The thing you want to make sure of is that you don't just have Chrome installed alongside but make sure it is the default browser, and not just the browser on the desktop."

Other security issues addressed in the update include eight bulletins rated by Microsoft as 'important' security risks. The flaws include remote code execution, as well as a denial of service flaw and an elevation of privilege flaw that could prove to be bigger issues for some customers.

Maiffret said that for administrators of Windows Server 2012 systems, a flaw in the HTTP.sys component could be targeted to perform denial of service attacks, possibly crippling a system and preventing user access for the duration of the attack. The fix has been classified as a top deployment priority for Server 2012.

Similarly, a flaw in Windows XP could be exploited in conjunction with other attacks. Maiffret, who does not recommend running the dated platform in a business setting due to security concerns, explained that an attacker could potentially target one of the Internet Explorer flaws to access a system with local user clearance and then target the elevation of privilege flaw to gain total control over the system and potentially wreak further havoc.

Shaun Nichols
About

Shaun Nichols is the US correspondent for V3.co.uk. He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.
