14 DAY TRIAL // May 2014 brought us eight different security bulletins supposed to fix 13 different vulnerabilities in Microsoft software, including two privately-reported flaws in Internet Explorer.
All versions of Microsoft's in-house browser got patched today, so everyone running Windows and using Internet Explorer should hurry up to deploy the released fixes as soon as possible.
According to Microsoft, the exploit would involve a compromised website which could be used to break into the computer using the aforementioned Internet Explorer vulnerability, so just try to avoid clicking on suspicious links until you deploy today's patches.
“The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,” Microsoft says.
There's no word on any potential attacks that might have been spotted until now, but there's no doubt that Windows users could be under attack if they do not fix the Internet Explorer flaw as soon as possible.
According to the same advisory released today, the MS14-029 is currently being shipped to all computers running Internet Explorer, with Windows XP representing the only exception. Microsoft officially pulled the plug on Windows XP on April 8, so the company is no longer rolling out fixes and security updates for this particular OS version.
As a result, those still running Windows XP and using Internet Explorer to browse the web should consider switching to a different browser such as Google Chrome and Mozilla Firefox as soon as possible, since no updates will be shipped to their computers.
The patch is being flagged as critical for Internet Explorer on Windows clients, Microsoft said, and as important on Windows server.
“This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10 and Internet Explorer 11 on Windows clients, Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10 and Internet Explorer 11 on Windows servers,” it said.
As it's the case of all the other patches released by Microsoft on the second Tuesday of each month, this Internet Explorer fix is being shipped via Windows Update, so an Internet connection and Windows Update turned on should be all you need to stay secure.