Security Market Segment LS
Friday, 16 October 2015 22:12

Microsoft patches all versions of Internet Explorer

By

Microsoft has issued a patch for all supported versions of Internet Explorer to stop remote code execution.

Internet Explorer (IE) – also available in Windows 10 as an app under Windows Accessories - could allow remote code execution if a user views a specially crafted webpage.

IE is generally the default browser on all Windows desktops and servers apart from Windows 10 where it defaults to its new Edge Browser that is not affected.

Microsoft has acknowledged FireEye, HP, Trend Micro, and Verisign for discovering the flaw.

In its main patch release for October it also released two other patches MS15-108 and MS15-109 that addressed critical remote code execution vulnerabilities in JScript and VBScript, and a security update for Windows Shell to address remote code execution.

Users of earlier Windows versions should go to Windows Update and check – these versions allowed for manual checking and installation.

For Windows 10, patches usually automatically enabled. Users can check this by going to Start, settings, Update and Security, and select Windows update and check for updates. If this screen does not read, “Available Updates will be downloaded and installed automatically” you are advised to select the Advanced Option and enable this security feature.

Opinion

Some media delighted in using headlines like ‘Be very afraid” and similar. Fact is that Microsoft’s cloud based auto-update system allows it to download patches as quickly as they are available.

Let’s look at a bit of history - from modern to ancient.

Windows 10 has 35 known vulnerabilities – the vast majority are not critical. All have been patched via auto-updates without fanfare or fever pitched Windows 10 bashing. Sure, more will be found over its lifetime.

Windows 8.1 had 175 vulnerabilities. Windows 8 had 227. I would point out that these two operating systems were launched in the Ballmer era when by ‘hook or by crook’ a touch solution was to be launched in a difficult period. It is said that Microsoft gets it right on the third attempt – that is W10.

Windows 7 had 486 vulnerabilities yet it is still considered the most stable desktop made. The issue here is that many users elected not to enable auto-updates. In corporate use, many sys admins turned auto-update off in order to assess the potential impact of patches that come out regularly on ‘Patch Tuesday’. But they have far stronger security measures to counter attack – or should have.

Windows Vista actually only had 73 vulnerabilities – It was a radical change from XP and paved the way for Windows 7.

Windows 10 is safer but you should still run a commercial paid program with safe surfing and anti-phishing capacities like Norton Security et al. These generally protect better than free programs.

Apple Mac users should not throw stones – it has had hundreds of vulnerabilities that Apple has fixed.

In the end it all depends whether the vulnerabilities are actually exploited by cyber-criminals. Quick action by Microsoft stopped that.

WEBINAR event: IT Alerting Best Practices 27 MAY 2PM AEST

LogicMonitor, the cloud-based IT infrastructure monitoring and intelligence platform, is hosting an online event at 2PM on May 27th aimed at educating IT administrators, managers and leaders about IT and network alerts.

This free webinar will share best practices for setting network alerts, negating alert fatigue, optimising an alerting strategy and proactive monitoring.

The event will start at 2pm AEST. Topics will include:

- Setting alert routing and thresholds

- Avoiding alert and email overload

- Learning from missed alerts

- Managing downtime effectively

The webinar will run for approximately one hour. Recordings will be made available to anyone who registers but cannot make the live event.

REGISTER HERE!

LAYER 1 ENCRYPTION A KEY TO CYBER-SECURITY SOLUTION

Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.

DOWNLOAD!

Ray Shaw

joomla stats

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

VENDOR NEWS & WEBINARS

REVIEWS

Recent Comments