Over 40 IE vulnerabilities are targeted by the 3034682 update, including one that’s been disclosed prior to the big patch day. Before uninstalling Chrome and Firefox, though, keep in mind the perilous XSS flaw we recently reported remains open for cyber-invasions.
No word yet on when exactly when that hitch be mended (hopefully, in less than a month), but at least Internet Explorer is now immune to a bug which allowed remote code execution by feeding a user a “specially crafted webpage.”
Successful exploit of the now-fixed defect made it easy for skilled attackers to gain admin user rights on an infected system, permitting them to wreak havoc both on and offline with little effort.
Meanwhile, another couple of “critical” malfunctions that should now be a thing of the past targeted both public and private Windows Kernel-Mode Driver vulnerabilities, and an additional Group Policy flaw which Google didn’t get to expose.
The list of patched Windows, Office and Microsoft Server Software issues includes an extra half a dozen “important” pickles, one of which could have led to remote code execution. Then you have your security feature bypasses, elevation of privilege and information disclosure bugs. Almost routine stuff at this point.
It’s been a busy month for Redmond’s security experts, and their schedule is unlikely to clear up anytime soon. But if Windows 10 and Project Spartan see daylight glitch-free, it’ll all be worth it.
Editors' Recommendations
- Microsoft finally, officially pulls the plug on Internet Explorer
- Internet Explorer’s slow death has finally come to an end
- Upcoming Windows update will kill Internet Explorer for good
- Microsoft opens Chromium Edge bug bounty program with rewards up to $30,000
