April's Patch Tuesday from Microsoft includes another Internet Explorer patch

Share this article:
Microsoft patches 18 Internet Explorer vulnerabilities, closes an actively exploited hole in Office
Microsoft patches 18 Internet Explorer vulnerabilities, closes an actively exploited hole in Office

Microsoft is readying nine patches to be released Tuesday as part of the software giant's monthly security update.

Two of the nine fixes address vulnerabilities rated "critical," meaning they could be exploited to execute remote code, while the remaining seven patches attend to flaws deemed "important," according to an advance notification from Microsoft.

Security observers eyed one of the critical fixes, "Bulletin 1," as the most pressing because it involves vulnerabilities in all supported versions (6-10) of Internet Explorer (IE). Security weaknesses in browsers are preferred vectors of attack for cyber criminals because often they can be successful by a victim merely visiting an infected web page.

Andrew Storms, director of security operations at nCircle, which recently was acquired by Tripwire, suspects one of the IE flaws being plugged was discovered last month at the Pwn2Own hacker contest at the CanSecWest show in British Columbia.

The update's remaining patches, address issues in Windows, Office, Server Software and Security Software. The update is due out around 2 p.m. EST on Tuesday.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

FBI to open Malware Investigator portal to security researchers

The portal is a virus analysis tool that examines suspicious files and shares information about them.

Android bug allowing SOP bypass farther reaching than initially thought

Researchers found that 42 out of the top 100 apps in the Google Play store with 'browser' in their names were vulnerable.

SUPERVALU and AB Acquisition LLC report being breached again

SUPERVALU and AB Acquisition LLC report being breached ...

The breaches involved different malware and both companies are investigating whether payment card information was stolen.