Not surprisingly, the first on the list, MS14-012, is another cumulative update to all versions of Internet Explorer. It fixes 18 CVEs, including the IE Zero Day we saw last month that Microsoft addressed with the release of security advisory 2934088 on February 19. Anymore, it’s cause for pause when we don’t see an IE update in Microsoft’s Patch Tuesday; it’s a popular browser and a favorite among attackers. Internet Explorer accounted for 27 percent of all Microsoft vulnerabilities last year, making it the most targeted Microsoft application. While updating IE, make sure you also include the Flash Player update from Adobe released on February 20.
Microsoft released five updates for a total of 23 CVEs for the March Patch Tuesday. Two patches are rated critical and the remaining bulletins are rated Important. Russ Ernst, director, product management at Lumension, provides more information on this month's updates.