Microsoft readies patch for gaping IE browser security holes

Microsoft readies patch for gaping IE browser security holes

Summary: In all, Microsoft will release 6 bulletins this month to address at least 11 documented vulnerabilities in several software products.

SHARE:
TOPICS: Browser, Microsoft
30

Microsoft plans to ship a high-priority Internet Explorer update next Tuesday to fix gaping holes in the world's most widely deployed web browser.

The security holes in Internet Explorer could be exploited remotely by malicious hackers to launch remote code execution attacks, Microsoft warned.   Vulnerabilities with a "critical" rating can typically be exploited to launch drive-by download attacks if a user simply surfs to a booby-trapped web site. follow Ryan Naraine on twitter In all, Microsoft will release 6 bulletins this month to address at least 11 documented vulnerabilities in several software products.

In addition to the critical IE bulletin, this month's Patch Tuesday batch will cover security vulnerabilities in Microsoft Windows, Microsoft Office, Forefront UAG, and .NET Framework.

Four of the six bulletins will be rated "critical," Microsoft's highest severity rating.

Topics: Browser, Microsoft

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

30 comments
Log in or register to join the discussion
  • The problem I have with IE.

    The problem IE will always have is that it's very hard to secure a browser when Microsoft itself wants to retain backdoor access to it through the Operating System from "legitimate" sources. No other browser Chrome, Firefox, etc. tries to do what Microsoft does integrating IE into every other application and system in Windows. As long as they treat IE as a core component of the OS and not a separate tool we'll continue to see these articles about vulnerabilities.
    Socratesfoot
    • Right. "back door access". Oh, and your comment on Chrome?

      why does Google need to add backdoor access to your system via Chrome, when you happily provide them front door access through Chrome, Google desktop, ect.

      Sorry, but nice try with the FUD, though.
      William Farrel
      • Who needs Chrome...

        ...when IE will do as a front door.

        http://nakedsecurity.sophos.com/2011/05/19/microsoft-study-asserts-social-engineering-more-common-than-exploitation/

        They've lied in the past. They'll lie again.
        ScorpioBlack
      • I was not surprised at your lack of originality.

        ScorpioBlack.

        It appears you could not come up with an original comment of your own.
        :|
        Tim Cook
      • I don't really care if you weren't surprised or not, faux pointy ears

        The fact that you're a trekkie troll says volumes.
        ScorpioBlack
    • Evidence?

      Backdoor access? Whatever does that mean? And do you have evidence of it?

      "No other browser Chrome, Firefox, etc. tries to do what Microsoft does integrating IE into every other application and system in Windows."

      Well, Firefox and Chrome can and have been embedded into other applications as well. And Windows is slowly offering more API hooks in Windows 8 to allow another browser to integrate with the OS (for example, apparently the Firefox team is planning on enhancing Windows' search functionality in Windows 8).

      And I actually haven't seen much in the way of a browser issue becoming an OS-wide issue recently.
      CobraA1
    • Errr?

      Backdoor access? Why is it that one browser is vulnerable if the others aren't. That isn't "backdoor" as all would be affected.
      Gisabun
  • Gaping? cmon.

    It's no more of a "gaping" hole than any other security hole in any other piece of software. Gaping implies that it is super obvious, boneheaded, etc. And unless it's a brand new flaw, any "gaping" hole that took years for hackers to find isn't very "gaping".
    PB_z
  • When...

    When Microsoft does it, it is to patch security vulnerabilities, when other browsers do, it is called "new version"
    AmediaN
    • Yup.

      Chrome releases a new version more often than not instead of actually patching. Hence why they are at version 18.
      Gisabun
  • My imagination, or is Microsoft Download for Patches swamped right now?

    I am doing an update on some old test servers, and it has taken over 20 MINUTES to get 120MB of data off of the MS services! It's absolutely horrible right now.
    I can watch YouTube videos and surf (like this moment) anywhere, but the downloads are slower than snail snot!

    Did everybody go on vacation and give approval to IT to patch servers worldwide?
    briank@...
    • Huh?

      If you have that many test servers, every thought of downloading the individual updates manually and use a batch file or something to install them?
      Also, ever thought it was maybe your internet bandwidth [or your ISP]?
      Gisabun
  • I am not a huge Microsoft fan

    but honestly is this BS blog worthy? For the love of bits....every piece of software on the planet gets patched....all the time.
    JeveSobs
    • The problem is...

      How often, and how severe the repercussions. Microsoft seems to put out patches that pretty much replace the operating system every other week...
      Tony Burzio
      • Sorry, NOT the real problem...

        I WISH M$ replaced the OS every other week! Unfortunately, they drag on and on with old systems, until the one you have is ANTIQUATED.
        But we can't just pint the finger at Microsoft; Novell, Apple, and commercial Unix are just as bad. Only the multi-headed Linux developers are anything NEAR fast-regenerators; those guys crank out next-generation operating systems faster than Ether bunnies!
        But again, when you're doing it more as a hobby than for profit, that's to be expected.
        MadYank
      • That is what you think?

        @MadYank

        Really? MS releases a patch once a month. How often do you think Apple releases patches? Let's see...

        http://support.apple.com/kb/HT1222

        And the reason it seems Apple is more secure than MS is, well, because ZDNet forgets to mention when Apple releases a patch, but will have multiple headlines every time there is a monthly MS patch (first the heads-up the previous week, then another headline for the actual patch release the next week).

        For instance, I remember how ZDNet conveniently forgot to mention this one:

        http://www.computerworld.com/s/article/9196118/Apple_smashes_patch_record_with_gigantic_update

        That is right, there wasn't a single ZDNet post on that gigantic Apple patch whatsoever.

        So what was that you were saying about how it "seems" MS patches more...?
        Qbt
      • Funny.....

        Since they generally release patches once a month.
        OK. Which patches released THIS week replaced the ones TWO week ago?
        Which ones TWO weeks ago replaced the ones a month BEFORE?
        Gisabun
      • re: That is what you think?

        @Qbt: Even worse. The latest cummulative "update" is 1.2GB and is released every 2 months. That is one HUGE update. Microsoft service packs and that large. Even worse, a MS service pack usually includes probably 200+ fixes [mostly minor] and it's still WAY smaller than this?
        Gisabun
  • The worst browser

    It is the worst browser. Never use it. Chrome and Firefox are much superior.
    Van Der
    • Wanna BET?

      I've tried Chrome; tried it on Windows, tried it on an Android tablet. Yeah, it's pretty good on Ice Cream Sandwich (DUH!) - since they're BOTH from Google, it BETTER be!
      But on Windows? Uh-UH! No WAY, Jose. Gar-BAGE!
      And at that, even Chrome is WAY better than the latest version of FireDud...
      MadYank