Microsoft to issue Windows, IE and Silverlight patches

Microsoft to issue Windows, IE and Silverlight patches

Summary: [CORRECTION] All versions of Windows and Internet Explorer will receive updates on Patch Tuesday next week. The recent IE zero-day will be included in the fixes.


The penultimate Patch Tuesday for Windows XP will include fixes for that product and all other versions of Windows. According to the Microsoft Security Bulletin Advance Notification for March 2014, there will be a total of five updates released next week, two of them addressing critical vulnerabilities.

Microsoft says that the recent zero-day vulnerability in Internet Explorer will be fixed in this set of updates. That vulnerability affects only IE9 and IE10. Only one IE update is listed in this month's Advance Notification, and it affects all versions of Internet Explorer, so more than one vulnerability must be fixed.

[CORRECTION: An earlier version of this story said that the IE zero day was not fixed by these updates.]

That one IE update is for remote code execution bugs rated critical on all client versions of Windows. Another critical Windows vulnerability, also enabling remote code execution, affects all Windows versions other than RT and Server Core. Server Core is the only Windows version to have no critical updates this month. Two other updates with a maximum rating of important, one an privilege elevation vulnerability and the other a security feature bypass, affect nearly all Windows versions.

The final update fixes an important vulnerability or vulnerabilities in Microsoft Silverlight 5, including the Mac versions. This fix is also for a security feature bypass.

Microsoft will also release a large number of non-security updates next Tuesday.

Topics: Security, Microsoft, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • So...

    now when I install a fresh copy of Windows 7 on a new build (or rebuild), I can count on more than the current 180 updates, which takes about 4 to 5 hours to complete (depending on CPU speed)... I thought service packs were suppose to eliminate these bulk updates... not on Windows 7. You have to start from scratch if you purchase a OEM copy on the OS.
    • IE

      IE updates are typically cumlative. You get them almost every month but a new machine would get one or three. Most of your big patches are for Office and .Net, those take forever. Then you get a lot of niggley little ones patching this or that.

      Once a service pack is released, that actually causes a lot more patching (depending on the age of the OS) because you have to patch up to a certain level to get the SP than after the SP is install, patch the SP and system after that point.
      Rann Xeroxx
      • Not all IE updates are cumulative

        I believe the cumulative updates are quarterly
        Larry Seltzer
  • Penultimate? Seriously?

    I realize as technologists we all have brains, but most of us haven't had a language, English, writing or vocabulary class in years. Your prose needs work.
    • I agree

      that most techies need remedial language skills. The few who can string together a complete sentence makes them stand out from a crowd more than the old rainbow fright wigs basketball fans used to wear. (Don't get me started on the fulfillment of the Orwellian New Speak/New Think social media such as Twitter have succeeded in foisting on all their users. BTW, the root word of "Twitter" is NOT "Tweet"!)
      However, there's nothing wrong with encouraging them to exercise their need to LOOK IT UP.
      That's why dictionaries exist. And in this case, they don't even have to guess at the spelling!

    • wtf?

      What's your problem with the word "Penultimate"?
      • Reminds me of a joke once told on Car Talk

        Referring to the two fine universities in Cambridge, (our fair city), MA, is the story of a young man, obviously a college student coming up to the "ten items or less" express lane in a Cambridge grocery store with a full basket. The cashier was staring at him, and he asked what was the matter. "I'm trying to figure out ... are you from Harvard and can't count, or from MIT and can't read?"

        Penultimate: from Latin "paene" meaning "almost" and "ultimus" meaning "last." Just like peninsula: "almost an island." Was that so hard?

        oh, and the cashier in the above joke? Probably from University of Florida, and could both count AND read!
    • I'm confused

      "penultimate" means "next to the last". April will be the last Patch Tuesday for Windows XP. What's the problem here?
      Larry Seltzer
  • No Difference

    None of these patches really matter in the long run. I've run for a year at a time with W update turned off. Their OS security is a joke and their update process so slow it's disgusting. It's NOT the download process so much as a sh!tty operating system in the first place. Go Linux.
    • Ignorance showing

      Windows 8 security isn't any more of a joke than that of any other OS, and if you don't update then it's your own fault. Please do go to Linux post-haste, though. I'm sure somebody with your obvious ignorance of software will find a way to get hijacked on that, then you can make the more intelligent Linux users look bad as the ignorant Windows users make every Windows user look bad.
      Michael Alan Goff
  • Let me uninstall!

    Instead of patches for internet explorer...let me uninstall it once and for all!!!