14 DAY TRIAL // Microsoft today rolled out this month’s Patch Tuesday updates and among the fixes security flaws, there’s also a zero-day vulnerability affecting Internet Explorer and first reported in February.
Just like all the other fixes released by Microsoft on Patch Tuesday, the MS14-012 bulletin supposed to fix the Internet Explorer flaw is being delivered via Windows Update, which means that in case you’re now running IE10, the update should be there waiting for your approval to install.
As Microsoft said one month ago, the issue allows remote code execution with the help of a compromised website, so it’s critical for users to patch Internet Explorer as soon as possible.
“An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,” the company said in a security advisory.
The MS14-012, however, includes multiple patches to address a total of sixteen privately reported and two publicly disclosed vulnerabilities in Internet Explorer, so it’s not aimed only at IE10 users, but also at users of all the other IE versions currently supported by Microsoft.
As a result, the patch is being flagged as critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10 and Internet Explorer 11 on Windows clients, moderate for Internet Explorer 6, Internet Explorer 7 on Windows servers, and important for Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 on Windows servers.
At the same time, Microsoft has also released an Adobe Flash Player update for Internet Explorer 10 and 11 on Windows 8 and Windows 8.1, as the company worked together with Adobe to resolve some privately-disclosed vulnerabilities in the application.
“Most customers have automatic updating enabled and will not need to take any action because this update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually,” the software giant explained.
In most cases, if your computer is already connected to the Internet, patches are automatically delivered to your device via Windows Update, so no user input is necessary. The updates will also be available for download separate for system administrators who want to patch their computers without Internet access.