Patch Tuesday fix coming for Internet Explorer zero-day vulnerability

Share this article:
Microsoft will be delivering five updates on upcoming Patch Tuesday, two of which are critical.
Microsoft will be delivering five updates on upcoming Patch Tuesday, two of which are critical.

Microsoft will be delivering five updates on upcoming Patch Tuesday, two of which are deemed critical, meaning the vulnerabilities can be exploited to allow for code execution without any user interaction.

“The most important will definitely be the [Internet Explorer (IE)] patch which is expected to contain a fix for the current IE zero-day,” Tyler Reguly, manager of security research with Tripwire, told SCMagazine.com in an email statement.

The zero-day is a remote code execution vulnerability that impacts all versions of Internet Explorer. The flaw received a temporary patch from Microsoft in February, shortly after researchers with FireEye revealed that the vulnerability was being served up in a compromise of the U.S. veterans website.

The second critical patch addresses a vulnerability in mostly all Windows operating systems, and the remaining updates address important bugs in Windows and Silverlight, according to an advance notification released Thursday by Microsoft.

“Given the limited adoption of Silverlight and the implied support Microsoft gave Flash when they bundled it in IE 11, it's surprising that Silverlight has not been shelved yet,” Reguly said. “In a world filled with so many web technologies, vendors could better serve the public by simply limiting choice and removing dead weight.”

Microsoft also announced this week that it will begin serving up notification prompts to users that have yet to upgrade from Windows XP, warning them that the still widely used operating system will no longer be supported beginning April 8.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House ...

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts ...

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.