
Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Patch Tuesday heads-up: Critical IE update among 13 bulletins

By | August 4, 2011, 1:58pm PDT

Summary: The “critical” Internet Explorer update fixes flaws that introduce remote code execution risks on all versions of Internet Explorer, including the newest IE 9.

Microsoft is planning a bumper Patch Tuesday for August — 13 bulletins with patches for 22 potentially dangerous security vulnerabilities.

Two of the 13 bulletins are rated “critical,” Microsoft’s highest severity rating.

Microsoft Windows users will want to pay special attention to the Internet Explorer bulletin because the issues can expose users to drive-by download attacks via the browser.

The update fixes flaws that introduce remote code execution risks on all versions of Internet Explorer, including the newest IE 9, according to Microsoft’s advance notice.

This month’s patch batch will also supply fixes for holes in Microsoft Windows, Microsoft Office, .NET and Visual Studio.

All 13 bulletins will be released on Tuesday, August 9 at approximately 1:00 PM Eastern.


Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

39 Comments

Let me get this straight -- the update INTRODUCES risks?
@elffuts
no--it says update FIXES FLAWS that introduce remote code execution risks--the flaws are already there!
@Rainbow_722 Heh, I think elffuts was referring to the wording in the update email:
The "critical" Internet Explorer update introduces remote code execution risks on all versions of Internet Explorer, including the newest IE 9.
@Rainbow_722 That's what it says now, but that's not what was in the original post. They corrected it, but have yet to acknowledge that they did so.
Possibly...
rahbm 6th Aug
@elffuts
It wouldn't be the first time!
If the update introduces these risks, that would indeed be something ridiculous for MS to advertise. More likely the update removes the risks on an updated system.
@rsservices@... I would certainly hope so!
I read it 8 or 9 times, and it says "Introduces". I thought I was going crazy.. Yikes!
What the heck!!! Where are they writing the code for these patches??? In China???

Introduces or plugs remote code execution???
@allenc@...
LMAO grin
I didn't know anything about this before this message... now everybody knows and we have to wait until the 13th... wow, really clever
Everybody knows what?
toddybottom 4th Aug
@DavidLP1
What exactly does everyone know now? Please point out the details of these vulnerabilities.
@DavidLP1
I agree. People who exploit these vulnerabilities - "drive-by download attacks" - now have until Tuesday to attack. Why supply advance info to challenge them?
I'll ask you the same question
toddybottom 5th Aug
@winlak
What info were they supplied with that they didn't already know?
Uhhhhhh. Folks? Just bad choice of words in the headline. How about "reveals" instead of "introduces"?
happy
Sent this article to a friend of mine at Microsoft tech net and he busted out laughing, he said somebody at ZDNet needs to learn to write an article the right way. We are not the threat.
probably meant "reduces" remote code execution risks on all versions of Internet Explorer, including the newest IE 9, according to Microsoft’s advance notice.
@MarshalK Hopefully the patch will eliminate the risk, not just reduce it!
Where's the author Ryan Naraine on all this? He wrote the article. He should be confirming or clarifying his statement NOW! Meanwhile, since the update has already occurred I'm switching to Firefox until either Ryan or Microsoft comes out with an official position.
Somebody has to have goofed!
Digirati 4th Aug
Instead of "introduces" or "reduces," it probably is intended to have said "mitigates" or "blocks." Introduces sounds like somebody made a BIG typo and hasn't realized it yet. I'll bet it will be updated within a few hours.
Gimme a break folks!
derekgore Updated - 4th Aug
You can stop replying about the verbiage in the summary because it has been fixed!

We all know it will fix vulnerabilities not create them. However with the quick turn around time on some reverse engineered attacks after a MS Patch Tuesday the updates always introduce the top crackers in the world to new vulnerabilities. Which they can take advantage of because there are some folks who believe that updates from MS are risky. Sure they are if you are running a business server with legacy custom software on it, then you have to do what IT gets paid for, run them against your network, systems, and programs before deploying them. However, for the average user at home there is little risk on a clean system that isn't already infected. I think these are the same folks who have some believing that getting updates is bad, getting free scans online that are unasked for is good.
Well this'll have the ABMers cheering.
At least we know about the risks. Some companies won't tell you there is a problem and tell workers to deny there is a problem. Of course these guys did not know of those vulnerabilities, or, helped hide them???
Microsoft has resorted to hiring people who are no longer capable of doing the job. Anyone who cannot see that should take their entitled head out of the sand!
I noticed that the article has been corrected by simply changing a few words. Too bad they don't have the class to admit a mistake and put a note stating the article has been revised since first published. An apology is really in order.
Reading Comprehension helps.
Tora1337 4th Aug
"The “critical” Internet Explorer update fixes flaws that introduce remote code execution risks on all versions of Internet Explorer, including the newest IE 9."

The key point; "fixes flaws that introduce remote code execution risks"

This means it fixes (patches) the holes that allow (introduce) remote code execution risks.

In other words, the patch doesn't introduce remote code execution risks, but rather fixes the flaws that introduce those risks. Come on now. It took 8 or 9 times reading that, and some of you still couldn't understand it? Seriously?
@Tora1337

The article has been revised. Originally it said one of Microsoft's patches introduced vulnerabilities.
more like what were they smokin' when they wrote this article ...
... diction is possibly not most technicians' forte ...

Actually it's possibly correct on both sides of the coin - fixin' the user and fixing the patches that are covering the holes in the security net with another holey plaster until someone else discovers the next lot of flaws ...
Tora1337. You obviously didn't see the article the way it was first published. It was corrected before you read it. Unfortunately they didn't bother to acknowledge the original version misled everyone or otherwise acknowledge there was an error in the original version.
@ron.lee@...
Why, you know it was a mistake. Would you really feel any better that there is an update of a typo?

It's not like these updates are a new thing, you wait a month to fix a problem. I am sure there were emails sent to the author.
Oh, Geez.
SenorAlejandro 5th Aug
Just delete this article completely. c_c
I don't recall having read any details on how Protected Mode was bypassed during the Pwn2Own contest. Any chance we could get an overview of how it was done?
Yep,
Joe.Smetona Updated - 7th Aug
@ye Yep, that's right up there with the TDL-4 botnet story with 4.5M Windows computers infected in the first 3 months of 2011. That story never made it to press either. It's in the circular file.

http://www.google.ca/search?q=%22tdl-4%22&hl=en&num=10&lr=&ft=i&cr=&safe=images&tbs=,qdr:w
Why do people still use IE? There are better and safer alternatives, like Firefox, Chrome, and even Opera.
Message has been deleted.
Unrealmaster287 Updated - 10th Aug
@beowulf74 I use IE because if my Chrome, FF or anything else has a bug in that I can only fix by re-installing it, I have to use IE to download it.

Also, IE comes in handy if Windows Update fails, as it has done for me before...

Not disputing the opinion that Firefox, Chrome are better (Opera not so much), but they too have their flaws, it's just that IE is the most popular browser around, so a majority of people use it and therefore hackers or bored computer nerds will only focus on exploiting IE's holes
Also, don't forget.
Joe.Smetona Updated - 4th Sep
@dazzyboi and unrealmaster287... IE has Active-X, and everyone knows Active-X installs botnets and viruses much better. Also, it's closed source spyware can be installed from the factory and no one will be the wiser. You can install anything you want in closed source and remain undetected. Anyone would do fine not using IE, Firefox 6 comes with Linux by default and works great, and it's completely open source, so there's no tricks.
Don't shoot the messenger... Windows posted the advance news update and Ryan (and ZDNet) were kind enough to pass it on because we probably pay more attention to ZDNet than Microsoft (I know I do).

And as for the typo, c'mon, we've all done them. Let's just use our common sense now
Just more of the same, no big news that MS can't properly complete anything they start.
