August Patch Tuesday: IE Vulnerabilities and Enforcement of 8.1 Update

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
Next August Patch Tuesday: IE Vulnerabilities and Enforcement of 8.1 Update-6 Next

MS14-046: Important

MS14-046 is for one privately disclosed CVE for a vulnerability in .NET framework that could allow security feature bypass. The important-class bulletin impacts Windows and Windows Server, from Vista to 8.1.

The patches released by Microsoft for the August Patch Tuesday include nine bulletins (two critical and seven important) and cover 38 CVEs. Per Russ Ernst, director of product management at Lumension, IT’s first priority should be the critical, cumulative update for IE. MS14-051 includes 25 CVEs for all supported versions of the browser. All are privately disclosed with the exception of one, CVE-2014-2819, which was publicly disclosed just last week at Black Hat. It allows an attacker to bypass the application sandbox and elevate privilege but it must be combined with another remote code execution vulnerability to ultimately be successful. 

If you feel like you are constantly patching IE – you are. A cumulative update for the browser is now the rule more so than the exception. To help users keep up, Microsoft announced last week that it will support only the most recent version of IE for each supported operating system starting January 2016. In the meantime, it will offer customers migration resources and upgrade guidance.

Also last week, Microsoft said it will push out a new feature in IE that blocks ActiveX controls, including old versions of Java. This is a great security win for the enterprise and IT should consider the creation of a group policy that blocks old versions of one of the bad guys’ favorite attack vectors. That is, of course, as long as your line of business apps are not tied to older versions.


Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

More Slideshows

Compliance4-190x128 GRC Programs: Building the Business Case for Value

Experience shows that organizations that manage GRC as an integrated program — involving people, processes and technologies — are more successful in delivering value to their organizations ...  More >>

Social14-190x128.jpg 10 Ways to Improve Your Social Media Security Policy and Posture

When phone calls, video conference information, pictures, chat logs, etc. are all stored in a central location via social media, a potential hacker has access to just about everything, quickly and easily. ...  More >>

Security120-290x195 5 DDoS Myths Debunked

Unearth the real story behind five commonly held myths about distributed denial-of-service attacks. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.