After unexpectedly leaving it out of last month’s Patch Tuesday extravaganza, Microsoft found its soon-to-be-replaced browser more vulnerable than ever to various external threats. It should therefore come as no surprise that Internet Explorer is the unfortunate star of February’s security repair assortment.
Over 40 IE vulnerabilities are targeted by the 3034682 update, including one that’s been disclosed prior to the big patch day. Before uninstalling Chrome and Firefox, though, keep in mind the perilous XSS flaw we recently reported remains open for cyber-invasions.
No word yet on when exactly when that hitch be mended (hopefully, in less than a month), but at least Internet Explorer is now immune to a bug which allowed remote code execution by feeding a user a “specially crafted webpage.”
Successful exploit of the now-fixed defect made it easy for skilled attackers to gain admin user rights on an infected system, permitting them to wreak havoc both on and offline with little effort.
Meanwhile, another couple of “critical” malfunctions that should now be a thing of the past targeted both public and private Windows Kernel-Mode Driver vulnerabilities, and an additional Group Policy flaw which Google didn’t get to expose.
The list of patched Windows, Office and Microsoft Server Software issues includes an extra half a dozen “important” pickles, one of which could have led to remote code execution. Then you have your security feature bypasses, elevation of privilege and information disclosure bugs. Almost routine stuff at this point.
It’s been a busy month for Redmond’s security experts, and their schedule is unlikely to clear up anytime soon. But if Windows 10 and Project Spartan see daylight glitch-free, it’ll all be worth it.
