TIME TRAVELLERS needed to secure Windows 7
June's IE 11 patch depends on unrelated April update
Microsoft has forced Windows 7 users to apply an April update in order to receive June's patches for its Internet Explorer 11 browser.
The demand does not affect users of earlier versions of its flagship browser or operating system.
Microsoft did not provide reasons for the move but it appeared to have simplified its patching process since updates need only to be crafted for the latest incarnation of the latest browser version.
In order to receive June's monster critical update (MS14-035) and all future IE 11 patches, users would need to speed up testing of April fix MS14-18, which addressed handling of objects in memory, KB2919355, or
KB2929437, Microsoft said in a support document.
The latest fix, released June 10, addressed 59 security vulnerabilities in Internet Explorer the most severe of which could allow remote code execution when users pointed their browsers to specially crafted web sites.
"These vulnerabilities by themselves do not allow arbitrary code to be run. However, these vulnerabilities could be used in conjunction with another vulnerability (e.g., a remote code execution vulnerability) that could take advantage of the elevated privileges when running arbitrary code," Microsoft said in a MS14-035 advisory.
"In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit these vulnerabilities.
"For example, an attacker could trick users into clicking a link that takes them to the attacker's site."
Users running IE 11 would miss out on browser fixes without update 2919355 for Windows 8.1 or Windows Server 2012 R2, or update 2929437 for Windows 7 Service Pack 1 or Windows Server 2008 R2 Service Pack 1.
Users with automatic updates activated would not feel the affects of the new demand unless those updates had quietly failed leaving them exposed. ®