Microsoft has come out with the newest installment of its monthly Patch Tuesday updates. Internet Explorer users might want to pay attention.
Microsoft has just issued 29 patches to address critical vulnerabilities for the browser. In total, the company released 41 updates, including one that fixed an Internet Explorer vulnerability that may allows hackers to take control of a computer.
Included in the updates were two patches that were meant to fix "critical" problems. The first one, with the title "Cumulative Security Update for Internet Explorer," addresses 26 vulnerabilities: one publicly disclosed and 25 that were privately reported. In the most severe cases, the vulnerability may allow attackers to have the same rights as the legitimate user. The security hole can be exploited when a user views a malicious website using Internet Explorer. Before the patch, users who had administrative rights on their computers were more susceptible to the security flaw.
Another critical patch, with the Bulletin ID MS14-043, is meant to fix a security flaw in Windows Media Center that may also allow for remote code execution. The security update resolves a security hole in Windows that was reported to Microsoft privately. If exploited successfully, hacker can theoretically take over a computer remotely when a user is tricked into opening a malicious Microsoft Word file that invokes Windows Media Center. Similar to the Windows Explorer vulnerability, the security hole is more effective with computer users who have administrative rights.
Aside from the critical patches, there are also updates that have been labeled as "Important." The software that have been tapped for the patches include OneNote, SQL Server, Microsoft SharePoint Server, .NET Framework and Microsoft Windows itself. The issues range from the remote code execution, elevation of privileges and security features bypass.
Wolfgang Kandek, the chief technology officer of IT security firm Qualys, said that the most critical update for administrators is the "Cumulative Security Update for Internet Explorer" or MS14-051. He also identified the OneNote patch, which has the Bulletin ID MS 14-048 as one of the most important updates in the batch. He said that while One Note, which is part of Microsoft's Office suite, is not as ubiquitous as Word and Excel, a patch should be applied to the vulnerability immediately.
