Feeds

TIME TRAVELLERS needed to secure Windows 7

June's IE 11 patch depends on unrelated April update

Beginner's guide to SSL certificates

Microsoft has forced Windows 7 users to apply an April update in order to receive June's patches for its Internet Explorer 11 browser.

The demand does not affect users of earlier versions of its flagship browser or operating system.

Microsoft did not provide reasons for the move but it appeared to have simplified its patching process since updates need only to be crafted for the latest incarnation of the latest browser version.

In order to receive June's monster critical update (MS14-035) and all future IE 11 patches, users would need to speed up testing of April fix MS14-18, which addressed handling of objects in memory, KB2919355, or
KB2929437, Microsoft said in a support document.

The latest fix, released June 10, addressed 59 security vulnerabilities in Internet Explorer the most severe of which could allow remote code execution when users pointed their browsers to specially crafted web sites.

"These vulnerabilities by themselves do not allow arbitrary code to be run. However, these vulnerabilities could be used in conjunction with another vulnerability (e.g., a remote code execution vulnerability) that could take advantage of the elevated privileges when running arbitrary code," Microsoft said in a MS14-035 advisory.

"In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit these vulnerabilities.

"For example, an attacker could trick users into clicking a link that takes them to the attacker's site."

Users running IE 11 would miss out on browser fixes without update 2919355 for Windows 8.1 or Windows Server 2012 R2, or update 2929437 for Windows 7 Service Pack 1 or Windows Server 2008 R2 Service Pack 1.

Users with automatic updates activated would not feel the affects of the new demand unless those updates had quietly failed leaving them exposed. ®

Beginner's guide to SSL certificates

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Shellshock over SMTP attacks mean you can now ignore your email
'But boss, the Internet Storm Centre says it's dangerous for me to reply to you'
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
NOT OK GOOGLE: Android images can conceal code
It's been fixed, but hordes won't have applied the upgrade
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
How to simplify SSL certificate management
Simple steps to take control of SSL certificates across the enterprise, and recommendations centralizing certificate management throughout their lifecycle.