Microsoft has issued a lighter-than-normal Patch Tuesday this month, but IT teams have been urged to fix a host of memory corruption bugs in Internet Explorer.
There were a total of five bulletins in June’s Patch Tuesday, affecting various Microsoft software other than IE, including Windows Print Spooler and the Windows Kernel.
Many of the Internet Explorer flaws, of which there are 19 in total, could be used to execute code remotely. That is “definitely something to worry about especially when it affects a browser”, said Ziv Mador, director of security research at Trustwave.
“Traditionally, we’ve seen exploit kits, such as the Blackhole Exploit Kit to implement exploits that target IE vulnerabilities. Fortunately, none of these appear to be added quite yet,” he added.
The flaws affect all versions of IE, from IE6 to IE10, running on all versions of Windows, from XP to RT.
“Given the large number of vulnerabilities fixed, this will be the main target for attackers to reverse engineer and construct an exploit that can be delivered through a malicious webpage. Apply this bulletin as quickly as possible on all workstations that use IE for Internet access,” added Wolfgang Kandek, CTO of Qualys.
Kandek said IT should also look at update MS13-051 for Microsoft Office 2003 on Windows and 2011 for Mac OS X, which has been exploited in the wild. The only reason Microsoft has rated it as important is because it requires user action, which is easy to inspire with some smart social engineering.
“It addresses a parsing vulnerability for the PNG graphic format that is currently in limited use in the wild. The attack arrives in an Office document and is triggered when the user opens the document,” he added.
Microsoft has not chosen to fix a bug recently detailed by Google researcher Tavis Ormandy, which could be used to gain control over a victim’s PC, and experts fear underground hackers are drawing together exploits.
Meanwhile, Adobe has addressed one vulnerability in its latest version of Flash.
What do you know about Internet security? Find out with our quiz!
Workforce blow. Newly privatised Toshiba has embarked on a 'revitalisation plan' that will entail the…
European Commission opens an official child safety investigation into Facebook and Instagram-owner Meta Platforms
Hundreds of AI and cloud engineers are being offered relocation out of China by Microsoft,…
Workers at unionised Apple store in Maryland vote to authorise first ever strike, after delays…
Elon Musk loses bid to avoid court order to force him to testify in SEC…
Explore how cutting-edge technologies are reshaping decision-making, driving innovation, and propelling businesses into the data-driven…
