14 DAY TRIAL // Windows 8.1 Update is indeed mandatory for users running Windows 8.1, but it turns out that Microsoft has quietly launched another must-have update for Windows 7 as well.
Released in April, the MS14-18 security bulletin is a cumulative update for Internet Explorer, and all users currently running Windows 7 have no other option than to install it in order to receive future fixes.
The best example comes from this month's Patch Tuesday cycle which brings a total of 59 security fixes for Internet Explorer, so users who do not install the bulletin rolled out in April cannot get this new set of improvements.
Microsoft hasn't clearly specified that the April 2014 patch is mandatory for Windows users, but in a short mention on the MS14-035 page it does state that everyone needs to install the two-month old bulletin in order to get all Internet Explorer fixes.
“Customers running Internet Explorer 11 on Windows 7 or Windows Server 2008 R2, must first install the 2929437 update released in April, 2014 before installing the 2957689 update,” the company says.
Basically, this month's Patch Tuesday cycle addresses critical flaws that would allow an attacker to get control of a vulnerable system and obtain the same privileges as the logged-in user.
“The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights,” Microsoft said.
As far as the April bulletin is concerned, MS14-018 is supposed to fix some similar issues which could also allow an attacker to get the same user rights as the current user with the help of a compromised website.
“An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,” Microsoft says.
In both cases, the new bulletins are being delivered via Windows Update, so you should install them as soon as possible, just to make sure that you're running a fully patched version of Windows. Future Internet Explorer patches will also be based on these two bulletins, which means that everyone will have to install them sooner or later.