Microsoft Plugs IE Security Holes

  IE8
No less than six out of the total of 34 vulnerabilities resolved by Microsoft this month affect various releases of Internet Explorer.

No less than six out of the total of 34 vulnerabilities resolved by Microsoft this month affect various releases of Internet Explorer.

The Cumulative Security Update for Internet Explorer (2183461) is now available to users around the world, as Microsoft has released Microsoft Security Bulletin MS10-053.

The security bulletin carries a rating of Critical, meaning that the vulnerabilities in IE can allow for remote code execution in the eventuality of a successful attack.

“This security update resolves six privately reported vulnerabilities in Internet Explorer,” explained Tyson Storey, IE Program Manager. ‘The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.”

“Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,” Storey added.

Users running Internet Explorer 8 on Windows 7 are impacted only by five of the six vulnerabilities. In addition, only four of the security holes in IE8 running on the latest iteration of Windows are considered Critical.

“This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8,” Storey said.

“The security update addresses the vulnerabilities by modifying the way that Internet Explorer enforces security checks and handles objects in memory,” he noted.

The Cumulative Security Update for Internet Explorer (2183461) is already available to IE users around the world. The patch can be accessed through Windows Update.

“The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually,” Storey revealed.

Of course, the advice from Microsoft is to make sure that the latest Cumulative Security Update for IE along with the August 2010 security bulletins are applied to systems as soon as possible, in order to make sure that customers are safe against any potential attacks.

Internet Explorer 8 (IE8) RTW is available for download here (for 32-bit and 64-bit flavors of Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008).

Internet Explorer 9 (IE9) Platform Preview is available for download here.

Follow me on Twitter @MariusOiaga.

Comments