Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Network Security / Critical IE Update on Patch Tuesday
Patch Tuesday Low-Key, But Brings Critical IE Update
Patch Tuesday Low-Key, But Brings Critical IE Update
By Jennifer LeClaire / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
Microsoft’s June Patch Tuesdays are usually light and this year’s release was no exception. On Tuesday the tech giant pushed out eight bulletins, including two critical updates and six important updates.

Redmond issued fixes for critical bugs in Internet Explorer and Windows Media Player. Flaws rated “important” in Microsoft Office, Microsoft Common Controls, Windows, Active Directory Federation Services, and Microsoft Exchange Server also received patches.

The relatively low number of patches is good news for those who have their sights set on summer vacation. But Russ Ernst, director of product management at security solutions firm HEAT Software, told us this release also makes us wonder how many more of these Patch Tuesday cycles we will have. But first things first.

Please Patch Now

“If you’re using IE, patch it now, please. We see a patch every month for this popular browser for a reason,” Ernst said. “The bad guys love to exploit it along with all of the other popular browsers like Firefox and Chrome, and in too many instances, they are successful. This month, attackers could force a remote code execution and gain the same rights as the affected user.”

MS15-059 should be second on your list of priorities, according to Ernst. That’s because although rated as important, it impacts all shipping desktop versions of Microsoft Office. The bulletin addresses three vulnerabilities in Office that an attacker can use for remote code execution.

“There are other Microsoft bulletins to deal with -- including critical MS15-057 that impacts Windows Media Player and grants full user rights to the attacker when a malicious file is played," he said. "But you’ll also need to prioritize a vulnerability in Adobe Flash. APSB15-11 is the eighth update of Flash Player this year and updates 13 vulnerabilities that span across Windows and Mac desktops."

Patch Tuesday Questions Remain

So what about Patch Tuesday? Ernst said the release of Windows 10 may change how you push security updates. He said that Microsoft “has been clear as mud on this process question” and pointed to a Microsoft FAQ explaining that licensed Home users will see updates pushed automatically when they become available.

“This process should get the millions of Home machines using Windows updated faster, and that’s a good thing, but what about the patches that fail? Are Home users the unfortunate testing ground?” he asked. “Only time will tell. And while enterprise users will have more choice on when to push updates, how that gets done has not yet been precisely defined.”

In conclusion, Ernst said he sees plenty of legacy software that needs updating in this month’s patch load. He said that concerns him because the new Windows Update for Business does not make clear how these systems will be updated.

“Will organizations who choose to remain on older systems receive updates on the typical Patch Tuesday cycle? It isn’t clear yet but one thing remains true. If you can update, you should,” he said. “Remember, Windows Server 2003 reaches end of life next month. Hopefully you are working your migration plan.”

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter

Over the past decade, hospitals have been busy upgrading their systems from paper to electronic health records. Unfortunately, spending so much on EHR may have left insufficient funds for security.
The British government officially blamed Russia for waging the so-called NotPetya cyberattack that infected computers across Ukraine before spreading to systems in the U.S. and beyond.
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.