14 DAY TRIAL // Microsoft announced this morning that it would release a new batch of updates for Windows and some other products – including Internet Explorer – next week, as part of its monthly Patch Tuesday cycle.
While the software maker doesn’t provide any details on the found bugs before releasing the final patches, security analysts expect Microsoft to publish fixes for the major security flaws exploited during the Pwn2Own contest at the CanSecWest Conference.
Internet Explorer is one of the browsers that got hacked during the first day of the event, along with Mozilla Firefox and Google Chrome, all exploited with the help of yet-to-be-patched zero-day flaws.
Andrew Storms, director of security operations at security company nCircle, told ThreatPost that Microsoft will most likely use this month’s Patch Tuesday updates to block these zero-day exploits and thus make its browsers a bit more secure.
“Even with their new, more aggressive IE patch cadence they’re still behind other browsers that don’t stick to a monthly patch schedule. This probably isn’t a huge problem for enterprise security teams because the bug hasn’t been publicly released,” he was quoted as saying.
According to Microsoft’s security advisory, the company will release patches for every single version of Internet Explorer currently available on the market, starting with the 11-year-old IE6 and ending with the Windows 8 default build IE10.
“The number of bulletins isn’t the only factor IT security teams consider when they review a patch so, even though the overall patch count is a little higher than average this month and only two of the bulletins merit a critical rating, it’s too early to assume it’s going to be an easy month,” Storms said.
In addition to Internet Explorer flaws, Microsoft will also fix a critical vulnerability found in several Windows versions, including XP, Vista and 7. Windows RT and 8 are both on the safe side.