The IE Flaw Patch is by far the biggest in 2014 so far, with eight updates – Still no patch for XP yet
Microsoft will be issuing eight updates in this week’s batch of monthly security updates since the flaw was first discovered in the beginning of May. This will be the first patch since the end of XP support.
The two critical patches deal with remote-code execution in Internet Explorer 7 and newer, and SharePoint and Office Online – previously known as Office Web Apps.
The remaining six are all labeled “important”. updates 3 and 8 address a remote-code execution flaw and a security feature bypass vulnerability in Microsoft Office 2007 and newer.
Updates 4 to 7 are applicable to Windows Vista and newer and Windows Server 2003 and newer, with 4 to 6 addressing elevation of privilege flaws, while 7 fixes a denial-of-service vulnerability.
This is the biggest batch of updates seen this year so far, however Karl Sigler, threat intelligence manager at Trustwave pointed out each of the eight bulletins only address a few flaws, which he described as “good news”. It is better than nothing right?
What about XP
Microsoft issued an out-of-band patch for a different critical IE exploit, including Windows XP in the update – leading to speculation the company may have to make a full U-turn on its promise to stop supporting the elderly OS.
However, the lack of XP updates this month shows Microsoft is “keeping [its] word to end-of-life the thirteen-year-old operating system. I guess we will have to see if something comes about on this.