Just One Critical IE Bulletin for September’s Patch Tuesday

Microsoft looks set to lighten the Patch Tuesday load for IT admins this month by scheduling just four security updates for customers tomorrow, including one critical update for Internet Explorer.

Bulletin 1 covers a remote code execution problem on all supported versions of the browser, from Internet Explorer 6 on Windows Server 2003 onwards.

It was rated 'critical' by Redmond for Vista, Windows 7, Windows 8 and 8.1, but 'moderate' when applied to servers.

While the patch load looks pretty light, there was no word from Microsoft on exactly how many IE vulnerabilities would need to be patched in the update. Redmond has forced administrators to install over 100 of them in Patch Tuesday bulletins over the past three months.

“This IE bulletin will be lighter than previous months but it’s likely that several of these CVEs have been already been exploited in the wild or will be weaponized soon,” argued Trustwave threat intelligence manager, Karl Sigler.

“To protect yourself from these threats, you will want to apply this update as soon as possible.”

The remaining three bulletins, all rated 'important,' address a denial of service issue affecting Windows and .NET; an elevation of privilege problem with Windows; and a denial of service issue affecting Lync Server.

These bulletins “are not urgent and can be covered within your normal patching process,” according to Qualys CTO Wolfgang Kandek.

Microsoft will be hoping this month’s security update will go off more smoothly than August’s Patch Tuesday.

Redmond was forced to pull bulletin MS14-045 after it caused PCs to crash with the infamous 'Blue Screen of Death.'

Trustwave’s Sigler claimed a similar situation was unlikely this month.

“This month's security release should go much smoother since there will be no new security updates for Kernel-mode drivers or anything affecting low-level drivers for Windows,” he said.

What’s Hot on Infosecurity Magazine?