
Microsoft to Patch Critical Internet Explorer Zero-Day Vulnerability Next Tuesday

Today Microsoft released its Advance Notification for the June 2014 Patch Tuesday, announcing seven security bulletins that will address several vulnerabilities in its products, of which two are marked critical and the rest are rated important in severity.

This Tuesday, Microsoft will issue security updates to address seven major vulnerabilities, all of which are important for you to patch, as the flaws affect various Microsoft software, including Microsoft Word, Microsoft Office and Internet Explorer.

CRITICAL VULNERABILITY THAT YOU MUST PATCH
Bulletin one is considered the most critical; it will address the zero-day Remote Code Execution vulnerability affecting all versions of Internet Explorer, including IE11 in Windows 8.1.

All server versions of Windows are affected by this vulnerability, but at a low level of severity, because by default Internet Explorer runs in Enhanced Security Configuration. Server Core versions of Windows Server do not include Internet Explorer, so they are not affected.

The vulnerability allows a remote attacker to execute arbitrary code using JavaScript, but so far the zero-day flaw is not known to have been used in any attacks, according to Microsoft. “The Update for Internet Explorer addresses CVE-2014-1770, which we have not seen used in any active attacks.”

Microsoft kept this critical Internet Explorer zero-day vulnerability hidden from all of us since October 2013, but last month the team at 'Zero Day Initiative' disclosed the vulnerability publicly when Microsoft failed to respond and patch the flaw within 180 days of receiving the details from a security researcher.

The second bulletin addresses one or more flaws in both Windows and Office products. It is also a Remote Code Execution vulnerability, rated ‘Critical’ on all versions of Windows including Server Core, Microsoft Live Meeting 2007 Console and all versions of Microsoft Lync, excluding the Lync Server. The flaw is also rated ‘Important’ for Office 2007 and Office 2010.

These critical security updates are really important for users to apply, and both patches will require a restart after the new versions are installed.

OTHER IMPORTANT PATCHES TO INSTALL
The remaining five bulletins will address one or more remote code execution vulnerabilities in Office, information disclosure bugs in Windows, information disclosure bugs in Lync Server, a Denial of Service (DoS) bug in all Windows versions since Vista, and a "tampering" vulnerability in Windows, including Windows 7, 8.x and Server 2012.

NOT FOR XP THIS TIME
Microsoft will not release any security update for its older Windows XP this time, unlike last month, when it provided an 'out-of-band security update' for Windows XP machines affected by the zero-day vulnerability.

Microsoft has stopped supporting the Windows XP operating system. So, if you are still running this older operating system on your PCs, we again advise you to move to another operating system in order to receive updates and protect yourself from upcoming threats.
