After unexpectedly leaving it out of last month’s Patch Tuesday extravaganza, Microsoft found its soon-to-be-replaced browser more vulnerable than ever to various external threats. It should therefore come as no surprise that Internet Explorer is the unfortunate star of February’s security repair assortment.
Over 40 IE vulnerabilities are targeted by the 3034682 update, including one that’s been disclosed prior to the big patch day. Before uninstalling Chrome and Firefox, though, keep in mind the perilous XSS flaw we recently reported remains open for cyber-invasions.
No word yet on exactly when that hitch will be mended (hopefully, in less than a month), but at least Internet Explorer is now immune to a bug which allowed remote code execution by feeding a user a “specially crafted webpage.”
Successful exploitation of the now-fixed defect made it easy for skilled attackers to gain admin user rights on an infected system, permitting them to wreak havoc both on and offline with little effort.
Meanwhile, another couple of “critical” fixes target both public and private Windows Kernel-Mode Driver vulnerabilities, as well as an additional Group Policy flaw which Google didn’t get to expose.
The list of patched Windows, Office and Microsoft Server Software issues includes an extra half a dozen “important” pickles, one of which could have led to remote code execution. Then you have your security feature bypasses, elevation of privilege and information disclosure bugs. Almost routine stuff at this point.