Patch Tuesday: Critical IE, Windows 8.1 Flaws Fixed
This month's Patch Tuesday brings two major fixes for Internet Explorer zero-day flaws. In total, Microsoft has released eight new security bulletins, four of which have been marked 'critical' -- Microsoft's highest security rating.
Experts point to MS13-080 as the most important security update this month. It address ten different vulnerabilities in Microsoft's Internet Explorer (IE) and applies to every supported version of the web browser.
Aside from the number of vulnerabilities addressed, the update is considered important because it's designed to eliminate two zero-day flaws that have already been exploited by hackers. (Source: itworld.com)
IE Zero-Day Flaw Known For Weeks
One of those zero-day vulnerabilities has been widely known since mid-September. Microsoft had issued "Fix It" software to address the issue, but that was only a temporary solution.
This month's Patch Tuesday update is designed to provide a more permanent fix for the issue.
DevOps senior director and security expert Andrew Storms says it's about time Microsoft addressed the vulnerability.
"Many people have been on their toes watching the IE exploit since it first became public in mid-September," Storms said. (Source: pcworld.com)
"Despite the exploit being used in a watering hole attack and Metasploit releasing a module for the exploit, Microsoft did not find it necessary to release the fix out of band."
Thankfully, most security experts believe the damage done has been minimal. "So far these bugs are only being exploited in limited attacks, but users are still strongly encouraged to patch IE as soon as possible," noted Lamar Bailey, Tripwire's security research and development director.
Windows 8.1 Also Vulnerable
The other "critical" updates address vulnerabilities in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2. According to reports, a hacker who successfully exploits the flaws could remotely execute malicious code on a system.
Security expert Marc Maiffret, chief technology officer at BeyondTrust, says the vulnerabilities "will be a prime target for attackers in the near future," and suggests that IT administrators deploy the patch "as soon as possible." (Source: pcworld.com)
Most popular articles
- Which Processor is Better: Intel or AMD? - Explained
- How to Prevent Ransomware in 2018 - 10 Steps
- 5 Best Anti Ransomware Software Free
- How to Fix: Computer / Network Infected with Ransomware (10 Steps)
- How to Fix: Your Computer is Infected, Call This Number (Scam)
- Scammed by Informatico Experts? Here's What to Do
- Scammed by Smart PC Experts? Here's What to Do
- Scammed by Right PC Experts? Here's What to Do
- Scammed by PC / Web Network Experts? Here's What to Do
- How to Fix: Windows Update Won't Update
- Explained: Do I need a VPN? Are VPNs Safe for Online Banking?
- Explained: VPN vs Proxy; What's the Difference?
- Explained: Difference Between VPN Server and VPN (Service)
- Forgot Password? How to: Reset Any Password: Windows Vista, 7, 8, 10
- How to: Use a Firewall to Block Full Screen Ads on Android
- Explained: Absolute Best way to Limit Data on Android
- Explained: Difference Between Dark Web, Deep Net, Darknet and More
- Explained: If I Reset Windows 10 will it Remove Malware?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.