14 DAY TRIAL // This month's Patch Tuesday rollout brought us a total of seven different security updates, two of which have been flagged as critical and supposed to address no less than 59 vulnerabilities in Internet Explorer.
While this is pretty surprising given the fact that we're discussing about a single application, this new series of updates also includes a fix for a zero-day flaw reported to Microsoft 8 months ago and publicly disclosed by HP's Zero Day Initiative last month.
In an advisory released today, Microsoft explained that the most severe vulnerabilities patched today would allow an attacker to gain the same privileges as the logged-in user and run malicious code on the target computer.
“The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,” Microsoft said.
The company explains that this particular flaw has been considered critical on Windows clients and moderate on Windows servers.
“This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 on Windows clients, Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 on Windows servers,” it added.
As you can see, Windows XP is missing from this equation, so the company has indeed pulled the plug on this particular OS version completely, even though more than 25 percent of the computers worldwide are still running it right now, according to third-party statistics.
Redmond warns that every single user that still has Windows XP installed on his computer needs to upgrade to a newer version as soon as possible, be it Windows 7 or Windows 8.1. Upgrading would also bring a new Internet Explorer version as well, which clearly keeps them on the safe side whenever new vulnerabilities in older builds of the browser are discovered.
Today's IE fixes are available for all the other supported Windows versions via Windows Update, so if your computer is connected to the Internet, just wait until all patches are automatically downloaded and installed. If you're running Windows XP, your best options are to either upgrade to a newer OS or change Internet Explorer with another browser.