Microsoft Issues Security Updates for Critical Vulnerabilities in Internet Explorer and Windows Journal
Microsoft issued new update packages to patch critical vulnerabilities in Internet Explorer and Windows Journal, according to Microsoft’s July Security Bulletin.
Two updates have been rated `critical,’ three as `important’ and one `moderate,’ by the company, which addressed 29 vulnerabilities in six update packages, from MS14-037 to MS14-042.
Photo credit: Microsoft’s Blog
“The ongoing diligent work from our Internet Explorer team continues this month, with the security bulletin for Internet Explorer addressing a total of 24 CVEs,” said Microsoft’s Security Bulletin MS14-037 for Internet Explorer. “The most critical of these could allow remote code execution if a user views a webpage specially crafted by a cybercriminal.”
For the critical IE issue, there were 23 critical undisclosed vulnerabilities and one disclosed vulnerability, as it affected IE versions from 6 to 11 on many Windows versions, from consumer to enterprise servers.
The other critical vulnerability was based in the Windows Journal file, as it affects consumer Windows versions such as Windows Vista SP2 (x86 & x64), Windows 7 SP1 (x86 & x64), Windows 8 & 8.1 (x86 & x64) and Windows RT & RT 8.1.
Among the impacted enterprise server operating systems are Windows Server 2008 SP2 (x86 & x64), Windows Server 2008 R2 SP1 (x64) and Windows Server 2012 & 2012 R2.
“Systems where Windows Journal is used, including workstations and terminal servers, are primarily at risk,” advised Microsoft’s Security Bulletin MS14-038.
“The security bulletin for Windows Journal addresses one privately reported CVE that could allow an attacker to execute code on your system if you open a malicious Windows Journal file,” said Microsoft’s Dustin Childs in a blog post.
Microsoft was not the only one today to have pushed new critical security updates, as Adobe issued a security update for three published vulnerabilities.