Microsoft issues patch for IE zero-day security vulnerability

Microsoft has released an update patch to fix the zero-day security vulnerability affecting Internet Explorer versions 6 through 11 .  The recently discovered IE vulnerability allowed nefarious parties to execute code with elevated permissions and potentially other very bad things.

The update patch is available via automatic update, or if you don’t want to wait for automatic updates to run you can manually launch windows update from control panel, or in the case of Windows XP browse to http://update.microsoft.com

There was speculation that Windows XP would not be patched due to it’s end of life, however Microsoft has decided to include Windows XP in the zero-day IE patch.

Recommendations from Microsoft regarding IE vulnerability (CVE-2014-1776):
1) Apply the patch via Windows Update / Automatic Updates

Best Practices Recommendations:
2) As a best practice, Microsoft recommends upgrading to the latest version of Internet Explorer available for your Operating System.
Windows 8 and Windows 7: IE version 11
Windows Vista: IE version 9
Windows XP: IE version 8

3) Microsoft recommends “upgrading to a modern operating system” which they consider Windows 7 and Windows 8.

Note: Be careful that the update applicable to your target system under MS14-018 (April cumulative update for IE) is installed before the MS14-021 update, otherwise IE will be non-functional after the patch. The MS14-021 article lists 2929437 as a prerequisite update under the “known issues” section, but that update only applies to IE11. The MS14-018 updates applying to other IE versions must be installed (see KB2936068). Any issues will not manifest until reboot.

Related

Leave a Reply

Your email address will not be published. Required fields are marked *