The second Tuesday of every month is widely known in tech circles as Patch Tuesday, due to software giant Microsoft consistently releasing patches and fixes for their products at that time. The second Patch Tuesday of 2015, February 10, was a big one, with Microsoft releasing fixes for 41 vulnerabilities in Internet Explorer – especially since no patches were issued for IE during January’s Patch Tuesday.
Critical Internet Explorer Vulnerability
The Security Advisory released by Microsoft impacts Internet Explorer versions 6 through 11 and is deemed critical for all users. The most serious of the 41 vulnerabilities addressed by this security update is a remote code execution vulnerability. This vulnerability may corrupt memory in a way that would allow an attacker to execute arbitrary code on a website viewed with IE. With it, an attacker could host a website designed to exploit this vulnerability and gain the same user rights as a user who views the website. This could compromise sensitive information, particularly if the user in question holds administrator rights to the website.
How to Obtain this Internet Explorer Update
Your computer can be set to automatically update whenever Microsoft releases these updates; if you don’t have this feature activated, you can access this update by downloading the links in Microsoft Security Bulletin MS15-009. To activate the automatic updating feature, which we recommend, go to Microsoft’s Safety and Security Center and follow the instructions found there.
To check for updates from Microsoft at any time, you can use the Windows Update feature on your computer. Windows Update can be accessed from your Start menu. Follow these instructions for how to check for Windows updates.
One Last Thing
One flaw that was not addressed in this month’s Patch Tuesday concerns a vulnerability in cross-site scripting, which would allow an attacker to manipulate code from a trusted website with data from an untrusted website. This exploit could make it possible for an attacker to gain access to session authentication cookies or read data from a secure email or banking website. Microsoft is working on a patch for this particular vulnerability, but until then you may be better off not using IE to view sites that require logging into an account.