August Patch Tuesday: IE Vulnerabilities and Enforcement of 8.1 Update

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
Next August Patch Tuesday: IE Vulnerabilities and Enforcement of 8.1 Update-6 Next

MS14-046: Important

MS14-046 is for one privately disclosed CVE for a vulnerability in .NET framework that could allow security feature bypass. The important-class bulletin impacts Windows and Windows Server, from Vista to 8.1.

The patches released by Microsoft for the August Patch Tuesday include nine bulletins (two critical and seven important) and cover 38 CVEs. Per Russ Ernst, director of product management at Lumension, IT’s first priority should be the critical, cumulative update for IE. MS14-051 includes 25 CVEs for all supported versions of the browser. All are privately disclosed with the exception of one, CVE-2014-2819, which was publicly disclosed just last week at Black Hat. It allows an attacker to bypass the application sandbox and elevate privilege but it must be combined with another remote code execution vulnerability to ultimately be successful. 

If you feel like you are constantly patching IE – you are. A cumulative update for the browser is now the rule more so than the exception. To help users keep up, Microsoft announced last week that it will support only the most recent version of IE for each supported operating system starting January 2016. In the meantime, it will offer customers migration resources and upgrade guidance.

Also last week, Microsoft said it will push out a new feature in IE that blocks ActiveX controls, including old versions of Java. This is a great security win for the enterprise and IT should consider the creation of a group policy that blocks old versions of one of the bad guys’ favorite attack vectors. That is, of course, as long as your line of business apps are not tied to older versions.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

Privacy rollback Security Pros Give Their Opinions on ISP Data Privacy Rollback

IT staff, organization leaders, and the average citizen have all expressed levels of concern over the FCC about-face in regard to ISP privacy. Here’s what the security experts say. ...  More >>

IT security skills 7 Top Skills for Security Pros

Executives at several top tech firms outline the skills they need now and in the near future, including IaaS and IoT security expertise. Other skills listed may surprise you. ...  More >>

IT security careers The Most In-Demand Security Jobs and How to Get Them

Security professionals are in demand right now, and entry-level security jobs generally fall into either an engineer or analyst role. Find out more about required skills and career paths. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.