Microsoft to Patch IE Flaw, 9 Others Next Week

The Microsoft Security Response Center announced today that it will ship ten bulletins in the March edition of patch Tuesday. MSRP considers just two of the patches critical, one of which supplements the currently available “Fix it” tool that resolved the IE vulnerability exploited recently in an attack targeting the U.S. Department of Labor.

Microsoft will ship 10 bulletins in the May edition of Patch Tuesday. The company considers just two of the patches critical, one of which supplements the currently available “Fix it” tool that resolved the IE zero-day vulnerability exploited recently in a watering-hole attack targeting the U.S. Department of Labor.

The critical patches address that and other vulnerabilities in Microsoft Windows and Internet Explorer that could give an attacker the ability to execute code remotely.

The remaining important patches will mend a denial of service hole in Windows, a spoofing issue in that and the .NET framework, a remote code execution bug in Lync, two remote code execution flaws and one information disclosure problem in Office, an information disclosure vulnerability in Windows Essentials, and an elevation of privilege defect in Windows.

Wolfgang Kandek, the CTO of Qualys Inc., writes on his blog that systems administrators should prioritize the IE zero-day vulnerability that enabled the Department of Labor hack and the other remote code execution flaws.

Kandek says that the second bulletin addresses the IE 8 zero-day mentioned above, while the first bulletin provides fixes for the IE vulnerabilities made public in the Pwn2Own contest at CanSecWest conference in March.

The Tuesday release will also include patches for Adobe and a new version of Reader. Most importantly, Adobe is working on a fix for a recent ColdFusion zero-day that should be ready for shipment on Tuesday.

Microsoft will release the patches on Tuesday, replacing the advanced notification bulletins on their Security TechCenter webpage.

Suggested articles

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.