Connect with us

Hi, what are you looking for?



Microsoft to Close Critical IE Security Holes on Patch Tuesday

Microsoft is prepping fixes for close to three dozen vulnerabilities for this month’s Patch Tuesday, including critical issues affecting Internet Explorer.

Microsoft is prepping fixes for close to three dozen vulnerabilities for this month’s Patch Tuesday, including critical issues affecting Internet Explorer.

Tucked in among the 10 security bulletins is one aimed squarely at the Internet Explorer 8 zero-day vulnerability being exploited in the wild. Microsoft has already issued a “Fix It” tool this week to offer protection in lieu of a patch. According to the company, the issue is due to the way IE accesses an object in memory that has been deleted or that has not been properly allocated. By exploiting the issue, an attacker could potentially remotely execute code.

“In all cases, however, an attacker would have no way to force users to view the attacker-controlled content,” Microsoft noted. “Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker’s website, or by opening an attachment sent through email.”

The vulnerability has been at the center of a spate of water holing attacks that have roped in a number of sites, including the U.S. Department of Labor site.

All totaled, 33 vulnerabilities are expected to be fixed. Just two of the bulletins are rated ‘critical’, while the other eight are considered ‘important.’ Both critical bulletins address issues in Internet Explorer. The remaining bulletins are focused on issues in Windows, Microsoft Lync, Microsoft Office and Microsoft Windows Essentials.

“With ten bulletins, eight important this month, we have seen 45 to date in 2013, or 10 more bulletins than last year at this time,” said Paul Henry, security and forensic analyst at Lumension. “This tells me Microsoft is continuing to dig deeper into their code base to uncover lower level vulnerabilities. This is good news and I believe the trend toward higher numbers of important bulletins will continue given Microsoft’s apparent commitment to proactively discovering and patching security issues in their code.”

“As always, I recommend patching the important bulletins based on what programs you’re using,” he said. “Looking through the bulletins, Bulletin 4 is probably the most interesting, affecting all versions of Windows, from XP through Windows RT and Windows 8. This is a spoofing issue, which we don’t see very often in Microsoft bulletins. I’ll be very interested to see what this one turns out to be on Tuesday.”

Advertisement. Scroll to continue reading.


*This story has been updated to reflect an error by Microsoft regarding the number of vulnerabilities set to be patched. 

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.