All the latest UK technology news, reviews and analysis

Microsoft issues 59 fixes for Internet Explorer in Patch Tuesday release

11 Jun 2014
Microsoft Internet Explorer

Microsoft has released a staggering 59 security fixes for various versions of Internet Explorer, underlining the problems the browser poses to the firm and web users.

Microsoft has issued the fixes as one cumulative update for IE as part of the latest Patch Tuesday release, alongside six other bulletins that provide fixes for tools including Word, Office and Windows.

It is the fixes for IE that gain the most attention owing to the sheer number of problems addressed and the severity of some of the vulnerabilities, as Microsoft explained.

"This security update resolves two publicly disclosed vulnerabilities and 57 privately reported vulnerabilities in IE. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using IE," the firm said.

"An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user."

The update is rated critical for IE 6, 7, 8, 9, 10 and 11 for those using the browser on Windows clients, while it is rated as important for those using these browsers on affected Windows servers.

One of the fixes covers the a publicly disclosed vulnerability that Microsoft was first made aware of in November 2013 by the Zero Day Initiative. Microsoft promised last month it was working on a fix.

Security manager at Microsoft Dustin Childs wrote in a blog post that, while the number of fixes being released was high, the firm had not seen any active exploits against its products using these vulnerabilities.

"While there are a number of things being addressed this time around, it's important to note that, to our knowledge, none of these now-addressed CVEs have caused any customer impact to date," he said.

The other critical fix issued in the latest release covers two privately revealed flaws that could affect Windows, Office, and Lync, as Microsoft explained.

"The vulnerabilities could allow remote code execution if a user opens a specially crafted file or webpage," the firm said.

The issue is rated critical for all supported editions of Windows, Microsoft Live Meeting 2007, Microsoft Lync 2010 and Microsoft Lync 2013, while it is set as important for all supported editions of Microsoft Office 2007 and Microsoft Office 2010.

In total the bulletins issued by Microsoft for the first half of the year total 36, 10 fewer than the same time last year. The CTO of security firm Qualys, Wolfgang Kandek, said this was quite low and could lead to a busy second half of the year.

"We have become accustomed to see around 100 security bulletins for Microsoft products a year, but it looks as if we are in for fewer this year. This runs counter to the general tendency of the year which has already seen its shares of big breaches, 0-days and the big Heartbleed vulnerability in OpenSSL," he said.

"Maybe the reduced count is based on the increased presence of vulnerability brokers that buy up vulnerabilities for internal use? We will see how the second part of the year develops."

The release of the latest Patch Tuesday update coincides with the deadline for security support for Microsoft 8.1 coming to an end. Now, anyone using a device on Windows 8.1, rather than the new Windows 8.1 Upgrade version, will not receive security updates and fixes. However, those still on Windows 8 remain supported.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Dan Worth

Dan Worth is the news editor for V3 having first joined the site as a reporter in November 2009. He specialises in a raft of areas including fixed and mobile telecoms, data protection, social media and government IT. Before joining V3 Dan covered communications technology, data handling and resilience in the emergency services sector on the BAPCO Journal

View Dan's Google+ profile

More on Operating Systems
What do you think?
blog comments powered by Disqus

Work location poll - office, remote or home?

Where do you spend most time working on your primary work device?

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Beacon technology: what are the opportunities and how does the technology work?

This paper seeks to provide education and technical insight to beacons, in addition to providing insight to Apple's iBeacon specification


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Infrastructure Lead/Manager

On behalf of our client we are looking for a Technical...

Digital Solution Architect - Telecoms - £75 - 80K Basic + Bonus

Digital Solution Architect - Telecoms - £75 - 80K Basic...

Senior C# WPF Developer - London - £60-65K

Senior C# WPF Developer - London - £60-65K Basic + Bonus...

Lead C# .NET Developer - West London - £55-65K Basic

Lead C# .NET Developer - C# ASP.NET MVC, TDD/BDD - West...
To send to more than one email address, simply separate each address with a comma.