Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 29 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

June patch Tuesday will see long-standing IE bug fixed

by The Gurus
June 6, 2014
in Editor's News
Share on FacebookShare on Twitter

Microsoft will release seven patches next week to cover updates for Word, Office and Internet Explorer.
 
Included is a critical update for Internet Explorer addresses , which has not been used in any active attacks according to Microsoft, while the other critical patch addresses a remote code execution issue in Windows, Office and Lync.
 
The other five patches are rated as critical; one is for a remote code execution vulnerability, two for information disclosure flaws, one for a denial-of-service bug and the final for “tampering”.
 
Russ Ernst, director of product management at Lumension, said: “Last month, IE saw a lot of activity, first with the out-of-band patch released on May 1, a point fix released as part of May’s Patch Tuesday, and a vulnerability that was publicly disclosed by the Zero-Day Initiative on May 21st .We will have to wait and see if June Patch Tuesday is a cumulative update for the popular browser but odds are it will be. And if you’re still using XP, you’re out of luck.”
 
Wolfgang Kandek, CTO of Qualys, said: “Bulletin two is a bit strange, because it affects Windows, Office and Lync, the Microsoft IM client. It must be in a component that is present separately in all three software packages. In addition it is rated only “important” in Office, indicating that it is a file-based vulnerability. Our bet is on a graphics format vulnerability, but we will see next Tuesday. Keep an eye on this one.”
 
Ernst said: “Notably, bulletins 2 and 4 target Windows Server 2003 so this is a good time to note its impending end of life in July, 2015. We are coming up on just a year out now and because any changes to your server will likely be a significant amount of work, it isn’t too soon to get started on that plan.”
 
Ross Barrett, senior manager of security engineering at Rapid7, said: “Given that the first critical is an IE vulnerability affecting all supported versions, it’s likely we will again see patches for XP Embedded, the same might be true for the second depending on the exact affected component. Given that the second bulletin will affect Lync Server and the older Live Meeting Console this may be a truly remotely exploitable vulnerability. Needless to say, these are the top two patching priorities.
 
“The tampering label on the seventh bulletin may suggest it allows a message to be altered in transit. Probably a limited scenario for exploitation.”

FacebookTweetLinkedIn
Tags: Explorer. VulnerabilityPatchWindows
ShareTweetShare
Previous Post

A year since Snowden's revelations – industry views

Next Post

Fresh OpenSSL flaw "will have far less impact than Heartbleed"

Recent News

Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023
Lupovis eliminates false positive security alerts for security analysts and MSSPs

Lupovis eliminates false positive security alerts for security analysts and MSSPs

January 26, 2023
Threat actors launch one malicious attack every minute

Threat actors launch one malicious attack every minute

January 25, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information