Patch Tuesday Update Sees Critical Repair To IE
Surprisingly light Patch Tuesday update brings critical fixes for Microsoft’s outgoing web browser
Fixes for vulnerabilities found in Microsoft’s Internet Explorer browser dominated the latest Patch Tuesday security bulletin from the software giant.
In a relatively modest compared to other more hefty updates in the past few months, the latest Patch Tuesday update delivers eight bulletins that covers a total of 45 vulnerabilities. Four of the eight bulletins fix vulnerabilities that could allow for the remote execution of code.
The bulletin for Internet Explorer (MS15-06) for example contains 24 patches, including 20 of which fix critical flaws.
Patched Up
Other fixes in the update are rated important, however the patch for Windows Media Player (MS15-060) is also designated as critical, as it fixes a vulnerability that could have allowed remote code execution if Windows Media Player opens specially crafted media content hosted on a malicious website.
Other bulletins cover vulnerabilities and faults with the Windows operating system, Office suite, Windows Media Player, Active Directory, and the Exchange Server.
“It’s that time of the month again, Patch Tuesday for June!,” security provider Trustwave commented. “With only eight total bulletins (2 Critical and 6 Important) this Patch Tuesday is surprisingly light compared to months past.”
“What’s not surprising is that Internet Explorer is back with another Critical bulletin patching 24 individual CVEs, half of all the vulnerabilities this month,” said the firm. “The second Critical bulletin patches a remote code execution vulnerability in Windows Media Player. An attacker could exploit this vulnerability by sending their victim a link that invokes WMP in a specific way that allows the attacker to execute arbitrary code in the context of the logged in victim.”
Symantec meanwhile has also provided a full breakdown of the Patch Tuesday update here.
IE Successor
The patches to Internet Explorer come as the web browser is slowly being phased out.
Microsoft confirmed in late March that Project Spartan (or Project Edge as it is now called), its next generation web browser, has been included in the Windows 10 technical preview for the first time.
That new browser was unveiled alongside Windows 10 in January, and Redmond is touting it as the new option for the modern web with a focus on security, reliability and speed, as well as continuous updates that allow it to keep up with the latest trends.
Are you a security pro? Try our quiz!