Microsoft to Patch Critical Windows and IE Bugs This Week
Microsoft announced last week that a new update was coming March 11 to help fix security issues within Windows and Internet Explorer. One of the biggest areas of concern is in Internet Explorer 10. Last month, security company FireEye discovered an attack code found on the Veterans of Foreign Wars’ Web Site. Security firm Websense reported finding similar code exploiting a security vulnerability on the compromised Web site of a French aerospace association. This indicates that the exploits have been occurring since January 20.
Last month, Microsoft gave users a Fixi-It tool as a temporary fix for IE which has been rated as “critical”. The critical classification is Microsoft’s most severe classification- indicating that this could pose huge security threats for users. The flaw that needs to be fixed also affects IE 9 but has not yet been exploited.
The other security update also addresses a Windows vulnerability rated as “critical”. This flaw allows remote code execution in all Windows versions other than RT and Sever Core. Two other Windows updates will also be released. These updates are rated as “important” because they address a privilege elevation vulnerability and a security feature bypass that affects nearly all Windows versions.
A fifth and final update (also rated by Microsoft as “important”) will patch a security feature bypass flaw in Silverlight 5. Silverlight is a multimedia player plug-in used to stream content to Windows and Mac OS X computers.
All of these updates address issues on most supported versions of Windows, including Windows XP. Windows XP support is set to end in April. This could be the last major update to the system. Because of this, Microsoft is still urging users to upgrade to Windows 7 or Windows 8.1.