Has Microsoft Finally Secured Internet Explorer?
For once, there are no fixes for Internet Explorer on Patch Tuesday. Sean Michael Kerner welcomes Microsoft’s progress in securing its browser
In today’s Patch Tuesday, Microsoft only issued four security advisories, which is a relatively low number. For comparison, the final patch Tuesday update from Microsoft for 2013, released 19 December had 11 security advisories fixing 24 flaws.
The four security bulletins that Microsoft released are rated important, which is interesting in that it means that there are no critical updates for January. The four bulletins include two that affect Microsoft Windows, one for Microsoft Dynamics AX and one that impacts both Microsoft’s Office and Server software.
Is Internet Explorer secure at last?
What’s missing from the list? A specific advisory for Microsoft’s Internet Explorer (IE) Web browser.
IE was part of every Microsoft Patch Tuesday update in 2013. The December 2013 update for IE fixed seven vulnerabilities while the November update patched 11 of them.
Throughout 2013, Microsoft aggressively patched IE for both privately reported vulnerabilities as well as those that were already being exploited in the wild. Currently, so far as I’m aware, there are no major IE flaws that are considered to be zero-day flaws (ie, new and unfixed flaws) that are presently being exploited by attackers.
Now, the fact that I don’t know about any IE zero day flaws, doesn’t mean there aren’t any. And although none of Microsoft’s fixes are for labelled “IE”, bulletins labeled as affecting Microsoft Windows can sometimes have an impact that relates to IE.
In the modern world, the browser is the key window to the connected Web that is the Internet, and IE is on the front line in the battle against attackers. It will be interesting to see as 2014 progresses, how often Microsoft patches IE. If the patching rate does slow down, signifying a decline in known vulnerabilities, that would be a welcome trend for Microsoft and its users.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
Are you a security expert? Try our quiz!
Originally published on eWeek.