14 DAY TRIAL // Microsoft has just launched this month’s Patch Tuesday updates to address a total of 31 vulnerabilities in its software, including the Windows operating system.
The company recommends users to prioritize the deployment of three patches, namely MS14-007, MS14-010 and MS14-011, which address issues in Microsoft Windows Direct2D, Internet Explorer, and the VBScript Scripting Engine, as it said in a statement this morning.
Basically, the MS14-007 bulletin, which addresses a vulnerability in Direct2D, could allow remote code execution if the user is tricked into loading a crafted webpage in Internet Explorer from an unpatched system.
The MS14-010 update, on the other hand, brings fixes for Internet Explorer and tries to resolve 23 security flaws that could put users at risk.
“This cumulative update addresses one public and 23 privately disclosed issues in Internet Explorer. It’s important to remember that this is still just one update,” Microsoft explained.
“Our guidance to customers does not change based on the number of CVEs contained in a single Internet Explorer update. An attacker who successfully exploited the most severe of these issues could execute code at the level of the logged on user. Customers who deploy this update will be protected from that scenario.”
Last but not least, MS14-011 is supposed to address a vulnerability found in the VBScript scripting engine, again which could allow remote code execution if a malicious website is loaded in Internet Explorer.
“Although this update and MS14-007 have similar exploit vectors to the update for Internet Explorer, these issues actually reside in Windows components – not Internet Explorer. This update also shares a CVE with the MS14-010 update for Internet Explorer as the VBScript scripting engine was included in Internet Explorer 9.”
As usual, all patches are being delivered via Windows Update, so no user input is required if your computer is already connected to the Internet.