Every single Internet Explorer at risk of drive-by hacks until Patch Tuesday
FIFTY-SEVEN gaping holes closed this month
Microsoft has lined up a bumper Patch Tuesday this month to snap shut a backbreaking 57 security vulnerabilities in its products.
Five of the 12 software updates addressing the gaping holes will tackle critical flaws that allow miscreants to execute code remotely on vulnerable systems.
In all, the soon-to-be-patched vulnerabilities exist in the Windows operating system, Internet Explorer web browser, Microsoft Server Software, Microsoft Office and the .NET framework.
The Redmond giant normally bundles together fixes for Internet Explorer bugs into a single monthly update, but February's Patch Tuesday release will feature two bulletins both addressing critical IE vulnerabilities. All versions of IE from 6 to 10, including the ARM port running on Windows RT on the Surface tablet, will need patching.
A third critical update addresses a flaw in Windows XP, 2003 and Vista but not later versions of Microsoft's PC operating system. The fourth critical update covers Microsoft Exchange, which uses the vulnerable Outside In software library from Oracle. The fifth critical vulnerability only affects Windows XP.
The remaining seven bulletins are all rated as important and mostly allow logged-in users to elevate their privileges, with the exception of a Sharepoint-related update that is susceptible to code-injection attacks.
More details, as usual, will follow next week once the patches are published. Microsoft's pre-release alert is here. Further commentary by Qualys can be found here. ®
Similar topics
Broader topics
Narrower topics
- Authentication
- Azure
- Bing
- Black Hat
- BSoD
- Common Vulnerability Scoring System
- Cybercrime
- Cybersecurity
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- DDoS
- Digital certificate
- Encryption
- Excel
- Exploit
- Firewall
- Hacker
- Hacking
- Identity Theft
- Infosec
- Internet Explorer
- Kenna Security
- Microsoft 365
- Microsoft Build
- Microsoft Edge
- Microsoft Office
- Microsoft Surface
- Microsoft Teams
- NCSC
- .NET
- Office 365
- Outlook
- Palo Alto Networks
- Password
- Phishing
- Pluton
- Ransomware
- REvil
- SharePoint
- Skype
- Spamming
- Spyware
- SQL Server
- Surveillance
- TLS
- Trojan
- Trusted Platform Module
- Visual Studio
- Visual Studio Code
- Wannacry
- Windows
- Windows 10
- Windows 11
- Windows 7
- Windows 8
- Windows Server
- Windows Server 2003
- Windows Server 2008
- Windows Server 2012
- Windows Server 2013
- Windows Server 2016
- Windows XP
- Xbox
- Xbox 360
- Y2K
- Zero Day Initiative
- Zero trust