Every month, on the second Tuesday, Microsoft brings forth a font of updates and fixes to its software, helping to beat back known security holes. This is an important act, as it helps to keep its software empire as free from danger as can be. However, not all patches are preemptive; some are reactive, fixing issues that have already been exploited.
In July’s bevy of updates, some 9 bulletins have been issued. They address a total of 16 vulnerabilities. Of the 9, 3 are rated as ‘critical.’ This is a normal load of bulletins, and their relative urgency is standard as well.
Among the updates is a fix for Internet Explorer 9, something that has raised eyebrows, as there are two issues in the browser that currently allow for a malicious website to take command of a machine. Security firm Qualys has notes on the matter:
Bulletin MS12-044 is an update for Internet Explorer 9 that addresses two critical vulnerabilities. Both can be triggered through a malicious webpage, and both allow the attacker “Remote Code Execution,” i.e., full control of the targeted machine.
The exploitability index is 1, meaning that Microsoft believes that it is easy for attackers to reverse engineer the patch and develop an exploit.
As that post goes on to note, Microsoft has apparently cut the time that it takes for an update to Internet Explorer to reach the public from two months to one. That’s a large decline. Before, testing pushed any new code for Internet Explorer into a bi-monthly release cycle.
As always, Microsoft has the full breakdown on every fix and patch here. If you are a consumer, and have Windows Update turned on, you should be all set.
Top Image Credit: Robert Scoble