Patch Tuesday: IE at risk of malware attacks; 57 flaws in total

Patch Tuesday: IE at risk of malware attacks; 57 flaws in total

Summary: In the latest round of monthly patches from Microsoft, users of Internet Explorer should jump ship for the next few days as all versions of the browser are at risk of malware attacks.

SHARE:
TOPICS: Security, Microsoft
75

Microsoft will release 12 patches for 57 vulnerabilities next week for Windows, Internet Explorer, and Office.

A spattering of enterprise products, including Microsoft Office and Windows Server, and developer tools, such as .NET Framework, will also be patched.

Five of the updates are labeled "critical," in which malicious code can be remotely executed on users' machines. Another vulnerability that allows remote code execution is labeled "important."

The company's pre-release bulletin warns of two major vulnerabilities for Internet Explorer, which will patch a flaw allowing hackers to run remotely executed code on vulnerable machines. All versions from IE6 to IE10 are affected, including Windows RT-based Surface tablets, which will also need to be updated.

With this in mind, users are advised to switch to another browser for the next few days until the updates are released. 

While the software giant normally throws in any Internet Explorer fixes into a monthly update, next Tuesday's patches will address the severity of the vulnerabilities.

Another critical update will address a flaw in Windows XP, Windows Vista, and Windows Server 2003—but does not affect later versions of the operating system, such as Windows 7 or Windows 8.

The fourth critical vulnerability patches Microsoft's email server, Exchange, while the fifth critical vulnerability affects only Windows XP-based machines.

In other "important" updates, Microsoft will also patch SharePoint which could be subject to code injection attacks. 

Microsoft doesn't release the full details of the vulnerabilities until patches are made available. 

Microsoft's advisory notice serve as a 'get prepared' warning for the upcoming Tuesday, February 12, when the patches are released through the usual update channels, such as Windows Update.

Topics: Security, Microsoft

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

75 comments
Log in or register to join the discussion
  • EMET

    Quote:"With this in mind, users are advised to switch to another browser for the next few days until the updates are released"

    Or just add IE to EMET.
    Mr.SV
    • EMET's never a bad idea, but...

      ...the advice about switching browsers is rather strange. Because the other browsers have unpatched vulnerabilities too; their makers simply haven't announced that there's a patch coming that fixes vulnerabilities. If we all stopped using browsers until there were no more security updates in the works, we'd never use browsers again. I think Zach went a little overboard on that one.
      mechBgon
      • Maybe he meant stop using browsers to view this site.

        For the next month or so, until they stop pushing malware from it?
        gomigomijunk
        • Misleading headline...as usual.

          Click bait. It made it sound like there are 57 vulnerabilities in IE leaving you open to malware attacks...except that there aren't. Why the misleading headline? Does someone have an axe to grind or something? Each time I see misleading information, the credibility of zdnet drops another notch...what gives people?
          gomigomijunk
          • uh..

            I didn't read it that way. Patch Tuesday usually has a multitude of targets and IE is one of them. The punctuation sets it off nicely too. I agree there can often be misleading headlines on tech sites but I don't think this is one of them.
            jpolk84
          • Basic grammar skills.

            I'm not a writer by profession, but I still remember some basic grammar skills. Dangling modifier comes to mind. Let me break it down for you:

            Here is how the headline reads:

            Patch Tuesday: IE at risk of malware attacks; 57 flaws in total

            Watch how it reads when you re-order it:

            Patch Tuesday: 57 flaws in total; IE at risk of malware attacks


            See the difference? 57 flaws is meant to describe Patch Tuesday, not IE.


            So I can only conclude one of two things, 1) The writers are incompetent or 2) The writers are malicious in there intent to mislead. Either way, it undermines their credibility.
            gomigomijunk
          • Need edit back, ZDNET

            seriously....Their, not there.
            gomigomijunk
          • but windows is IE

            there's no getting around that,
            windows is IE and IE is windows
            has been since win9x

            if it ain't then please tell me how certain items in "Internet Options" enables / disables local functions
            eg.
            here's one from win7 IE 9 "Internet Options" dialog: under the advanced tab is
            "Use inline AutoComplete in Windows Exploder and Run Dialog"
            WTF does "Internet Options" have to do with the local file browser & run command
            this is why your internet history appears in the Run dialog the search box and in the address bar of windows exploder

            and that's just one item that doesn't belong in "Internet Options"

            others options might appear to be "Internet Options" but also affect local system functions

            reason: windows is IE and IE is windows.
            Who Am I Really
        • gomigomijunk ....you know what the "57 flaws" reminds me of?

          An ad for Heinz Ketchup like "57 varieties" commercial
          Over and Out
          • Sounds like you are spinning 57 flaws

            as something that is good. I don't understand you.
            gomigomijunk
    • About that quote

      Who made that advisory, Zack? I ask because of the way it is written. It's not exactly "I advise users..." is it?
      TechNickle
  • Move along linux users

    Only a horrible road accident to see here.
    Alan Smithie
    • And how many...

      updates a month do you get from your distro repositiries patching security flaws? Mine gets dozens as well, they just don't attract column inches on such blogs, but the bug tracker lists are still fairly full, if you read them.

      Linux is a great OS, which I use all the time, but it isn't magically less buggy than Windows, just because Microsoft don't announce any patches for Linux every month!
      wright_is
  • Google Chrome!

    No risk for me. I switched to Google Chrome several years ago and haven't looked back!
    rm6565
    • So

      You do realize Google Chrome gets patched as well, right?
      Michael Alan Goff
      • right away

        usually. On the other hand Google challenges and pays for every 0-day exploit. MS doesn't This could mean 2 things: either MS is so cheap or MS knows better to not go bankrupt with their so much flawed software
        eulampius
        • RE

          """Google challenges and pays for every 0-day exploit"""

          MS also pays for exploits. They go even further paying for new anti-exploit technologies. Read about Blue Hat Prize. Some of this technologies (like Structure Exception Handler Overwrite Protection (SEHOP)) you can find build in Windows, and rest of them are included in EMET.
          This is a much better approach than passively wait until someone finds and reports bug, like google do.

          """ or MS knows better to not go bankrupt with their so much flawed software""""

          Very funny, you never even compare "flaws" in MS and Google software do you?
          Mr.SV
          • MS also pays for exploits.

            Any links to it, any announcements about it as well as about them actually having paid and how much? Or it's just another blabbering?
            eulampius
          • ExploitHub

            For my knowledge they don't pay directly like google, but is many labs like ExploitHub, this labs pays for exploits to researchers and then 'sell' it to companies like Microsoft or Adobe.

            In my point of view, they do better job developing technologies against common exploit technics (like ROP), instead of waiting until someone report some bug. This anti-exploit technologies cover not only Microsoft software but all the software installed on your computer.
            Mr.SV
          • ask...

            receive...

            http://www.microsoft.com/security/bluehatprize/

            so wanted to drop a "Bing it for me" on this one.
            TechNickle