Security Updates: Microsoft® on its way to fix patches
Microsoft fixing bugs and filling gaps haunting Internet Explorer
June 14 is being marked as a “Patch Tuesday.” It marks the release of Security Update by Microsoft for Internet Explorer with 16 security updates, nine critical and seven important. These updates address 34 vulnerabilities. The two most important being Internet Explorer 9.0.1, which is a security update for Internet Explorer 9 and a rare patch for Hyper-V.
Rest of the patches will fix problems in Microsoft Windows, Internet Explorer, Microsoft Office, .NET, SQL, Silverlight, Visual Studio, VML, and ISA.
MS11-050, the patch affecting IE9, is a cumulative patch. It is important for all versions of Internet Explorer. According to Microsoft,
“The security update addresses the vulnerabilities by modifying the way Internet Explorer enforces the content settings supplied by the Web server, handles HTML sanitization using toStaticHTML, handles objects in memory, and handles script during certain processes.”
MS11-047 is a patch for Hyper-V. This is the third patch released by Microsoft for Hyper-V.
There are also patches that fix three publicly known holes. MS11-044 fixes a hole in .Net. This hole lead to malware attack both through servers and clients. Similarly, MS11-039 secures a critical hole that relies on XAML and also affects Silverlight. This patch is another .Net fix.
For Firewall users, Microsoft has issued MS11-040. This will prevent the attacker to run malicious code through Microsoft Forefront Threat Management Gateway (TMG) 2010 Client.
Dave Marcus, director of security research and communications at McAfee Labs, reported that Microsoft has also fixed “Cookiejacking” vulnerability that takes advantage of HTML5 to steal cookies from its victim.
MS11-037 patch closed the publicly reported hole in the MHTML protocol handler in Microsoft Windows. This has fixed a common method for cross-scripting attacks.
Microsoft strongly recommends its users to download the patches through Windows Update.