Categories: Workspace

No Patch Tuesday Fix for Internet Explorer?

Microsoft is set to release its second major Patch Tuesday update of the year tomorrow (11 Febraury)  and it doesn’t look to be a heavy load.

The advance notification indicates that there will be five security bulletins released on Microsoft’s February Patch Tuesday, with only two of them rated as critical. For the first Patch Tuesday of 2014, Microsoft only had four security bulletins. In contrast, the December 2013 Patch Tuesday update had 11 security bulletins.

There’s nothing wrong with Internet Explorer

What is even more surprising is the fact that the advance notification does not call out any specific Microsoft Internet Explorer (IE)-related vulnerabilities. That doesn’t necessarily mean there won’t be any IE-related updates, as an IE update could emerge as a late addition or one could be embedded in one of the five bulletins.

In January’s advance notification, Microsoft similarly did not include any warning about an IE update. As it turned out, there were no updates for IE in the January Patch Tuesday either, which was the first time in a year that Microsoft did not patch IE.

A recent report from Hewlett-Packard noted that the company’s Zero Day Initiative (ZDI), which acquires vulnerabilities from researchers for payment, had more submissions against IE in 2013 than any other software product.

What’s also surprising about the lack of an IE update is that this is also the time when IE is likely to be heavily targeted. In the upcoming Pwn2own hacking competition (12 to 13 March), and researchers will be directly attacking IE. The Pwn2own contest is organized by HP’s ZDI and offers a $100,000 prize to the attacker who successfully exploits IE11 running on 64-bit Windows 8.1.

In past years, browser vendors have typically patched their respective technologies heavily ahead of the Pwn2own event in a bid to avoid public embarrassment. I suppose Microsoft still can patch IE in March to protect itself, but still, it is surprising not to see an IE-related bulletin manifesting yet in Microsoft’s patch purview.

Time will tell whether or not there is in fact a patch for IE. Time will also tell if Microsoft simply missed one and needs to race out an out-of-band patch. I’ve seen and heard no indication that the volume of IE-related research has slowed down, but given that we might very likely now see two months without a specific critical IE patch roll-up, Microsoft might well have turned the corner on its browser’s security stature.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Are you a security expert? Try our quiz!

Originally published on eWeek.

Sean Michael Kerner

Sean Michael Kerner is a senior editor at eWeek and contributor to TechWeek

Recent Posts

Online Safety Bill Tweak To Combat Russian Misinformation

Foreign interference and misinformation to be designated a priority offence under Online Safety Bill, the…

18 mins ago

Intel ‘Playing Politics’ Over Delayed Ohio Chip Factory, Alleges Governor

Ohio Governor Mike DeWine alleges Intel's Ohio factory delay is a negotiating tactic, despite Pat…

3 hours ago

Steve Jobs Posthumously Awarded US Medal Of Freedom

President Joe Biden has named Apple co-founder and former CEO Steve Job, as a posthumous…

4 hours ago

Twitter Seeks Judicial Review Of Indian Takedown Order

Clash continues, Twitter court challenge against Indian government order to remove certain content it deems…

5 hours ago

TikTok ‘Halts E-Commerce Expansion Plans’

TikTok reportedly scraps plans to expand TikTok Shop livestream commerce in Europe and US after…

1 day ago

European Parliament Passes Landmark Tech Regulations

European Parliament votes to adopt Digital Markets Act and Digital Services Act, but campaigners warn…

1 day ago