Must Read: Mint 15: Today's best Linux desktop (Review)

Topic: Browser

Microsoft readies patch for gaping IE browser security holes

Summary: In all, Microsoft will release 6 bulletins this month to address at least 11 documented vulnerabilities in several software products.

Ryan Naraine

By for Zero Day |

Microsoft plans to ship a high-priority Internet Explorer update next Tuesday to fix gaping holes in the world's most widely deployed web browser.

The security holes in Internet Explorer could be exploited remotely by malicious hackers to launch remote code execution attacks, Microsoft warned.   Vulnerabilities with a "critical" rating can typically be exploited to launch drive-by download attacks if a user simply surfs to a booby-trapped web site. follow Ryan Naraine on twitter In all, Microsoft will release 6 bulletins this month to address at least 11 documented vulnerabilities in several software products.

In addition to the critical IE bulletin, this month's Patch Tuesday batch will cover security vulnerabilities in Microsoft Windows, Microsoft Office, Forefront UAG, and .NET Framework.

Four of the six bulletins will be rated "critical," Microsoft's highest severity rating.

Topics: Browser, Microsoft

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

30 comments
Log in or register to join the discussion

  • The problem I have with IE.

    The problem IE will always have is that it's very hard to secure a browser when Microsoft itself wants to retain backdoor access to it through the Operating System from "legitimate" sources. No other browser Chrome, Firefox, etc. tries to do what Microsoft does integrating IE into every other application and system in Windows. As long as they treat IE as a core component of the OS and not a separate tool we'll continue to see these articles about vulnerabilities.
    Socratesfoot
    Reply Vote

    • Right. "back door access". Oh, and your comment on Chrome?

      why does Google need to add backdoor access to your system via Chrome, when you happily provide them front door access through Chrome, Google desktop, ect.

      Sorry, but nice try with the FUD, though.
      William Farrel
      Reply Vote

      • Who needs Chrome...

        ...when IE will do as a front door.

        http://nakedsecurity.sophos.com/2011/05/19/microsoft-study-asserts-social-engineering-more-common-than-exploitation/

        They've lied in the past. They'll lie again.
        ScorpioBlack
        Reply Vote

      • I was not surprised at your lack of originality.

        ScorpioBlack.

        It appears you could not come up with an original comment of your own.
        :|
        Tim Cook
        Reply Vote

      • I don't really care if you weren't surprised or not, faux pointy ears

        The fact that you're a trekkie troll says volumes.
        ScorpioBlack
        Reply Vote

    • Evidence?

      Backdoor access? Whatever does that mean? And do you have evidence of it?

      "No other browser Chrome, Firefox, etc. tries to do what Microsoft does integrating IE into every other application and system in Windows."

      Well, Firefox and Chrome can and have been embedded into other applications as well. And Windows is slowly offering more API hooks in Windows 8 to allow another browser to integrate with the OS (for example, apparently the Firefox team is planning on enhancing Windows' search functionality in Windows 8).

      And I actually haven't seen much in the way of a browser issue becoming an OS-wide issue recently.
      CobraA1
      Reply Vote

    • Errr?

      Backdoor access? Why is it that one browser is vulnerable if the others aren't. That isn't "backdoor" as all would be affected.
      Gisabun
      Reply Vote

  • Gaping? cmon.

    It's no more of a "gaping" hole than any other security hole in any other piece of software. Gaping implies that it is super obvious, boneheaded, etc. And unless it's a brand new flaw, any "gaping" hole that took years for hackers to find isn't very "gaping".
    PB_z
    Reply Vote

  • When...

    When Microsoft does it, it is to patch security vulnerabilities, when other browsers do, it is called "new version"
    AmediaN
    Reply Vote

    • Yup.

      Chrome releases a new version more often than not instead of actually patching. Hence why they are at version 18.
      Gisabun
      Reply Vote

  • My imagination, or is Microsoft Download for Patches swamped right now?

    I am doing an update on some old test servers, and it has taken over 20 MINUTES to get 120MB of data off of the MS services! It's absolutely horrible right now.
    I can watch YouTube videos and surf (like this moment) anywhere, but the downloads are slower than snail snot!

    Did everybody go on vacation and give approval to IT to patch servers worldwide?
    briank@...
    Reply Vote

    • Huh?

      If you have that many test servers, every thought of downloading the individual updates manually and use a batch file or something to install them?
      Also, ever thought it was maybe your internet bandwidth [or your ISP]?
      Gisabun
      Reply Vote

  • I am not a huge Microsoft fan

    but honestly is this BS blog worthy? For the love of bits....every piece of software on the planet gets patched....all the time.
    JeveSobs
    Reply Vote

    • The problem is...

      How often, and how severe the repercussions. Microsoft seems to put out patches that pretty much replace the operating system every other week...
      Tony Burzio
      Reply Vote

      • Sorry, NOT the real problem...

        I WISH M$ replaced the OS every other week! Unfortunately, they drag on and on with old systems, until the one you have is ANTIQUATED.
        But we can't just pint the finger at Microsoft; Novell, Apple, and commercial Unix are just as bad. Only the multi-headed Linux developers are anything NEAR fast-regenerators; those guys crank out next-generation operating systems faster than Ether bunnies!
        But again, when you're doing it more as a hobby than for profit, that's to be expected.
        MadYank
        Reply Vote

      • That is what you think?

        @MadYank

        Really? MS releases a patch once a month. How often do you think Apple releases patches? Let's see...

        http://support.apple.com/kb/HT1222

        And the reason it seems Apple is more secure than MS is, well, because ZDNet forgets to mention when Apple releases a patch, but will have multiple headlines every time there is a monthly MS patch (first the heads-up the previous week, then another headline for the actual patch release the next week).

        For instance, I remember how ZDNet conveniently forgot to mention this one:

        http://www.computerworld.com/s/article/9196118/Apple_smashes_patch_record_with_gigantic_update

        That is right, there wasn't a single ZDNet post on that gigantic Apple patch whatsoever.

        So what was that you were saying about how it "seems" MS patches more...?
        Qbt
        Reply Vote

      • Funny.....

        Since they generally release patches once a month.
        OK. Which patches released THIS week replaced the ones TWO week ago?
        Which ones TWO weeks ago replaced the ones a month BEFORE?
        Gisabun
        Reply Vote

      • re: That is what you think?

        @Qbt: Even worse. The latest cummulative "update" is 1.2GB and is released every 2 months. That is one HUGE update. Microsoft service packs and that large. Even worse, a MS service pack usually includes probably 200+ fixes [mostly minor] and it's still WAY smaller than this?
        Gisabun
        Reply Vote

  • The worst browser

    It is the worst browser. Never use it. Chrome and Firefox are much superior.
    Van Der
    Reply Vote

    • Wanna BET?

      I've tried Chrome; tried it on Windows, tried it on an Android tablet. Yeah, it's pretty good on Ice Cream Sandwich (DUH!) - since they're BOTH from Google, it BETTER be!
      But on Windows? Uh-UH! No WAY, Jose. Gar-BAGE!
      And at that, even Chrome is WAY better than the latest version of FireDud...
      MadYank
      Reply Vote
CNET Join | Log In | Privacy | Cookies Close