Microsoft Plans To Patch Critical Windows IE Bugs

Microsoft has marked 2 of the 5 security updates it plans to release next week as "critical," together with one that addresses a vulnerability in Internet Explorer that's presently being exploited in the wild.

One of the updates proclaimed during a security bulletin Thursday can patch a flaw in IE10 that was discovered last month by Security Company FireEye being exploited by attack code found on the Veterans of Foreign Wars' internet site. Security firm Websense reportable finding similar code exploiting an equivalent flaw on the compromised internet site of a French aerospace association, indicating there was proof the exploits had been circulating since Jan 20.

Last month, Microsoft delivered a Fixi-It tool as a temporary fix for the internet explorer flaw, that was rated as "critical," Microsoft's most severe classification. The flaw additionally affects internet explorer nine however isn't being exploited in that version.

The security update additionally addresses a Windows vulnerability additionally rated as vital that enables remote code execution altogether Windows versions apart from RT and Server Core. 2 different Windows updates rated as vital address a privilege elevation vulnerability and a security feature bypass, have an effect on nearly all Windows versions.

A fifth update, additionally rated as vital, patches a security feature bypass flaw in Silverlight five, the foremost recent version of its transmission player plug-in wont to deliver streaming content to Windows and  Mac OS X computers.

The security updates address vulnerabilities on most supported versions of Windows, together with Window XP, the 12-year-old software package that Microsoft can stop supporting in April.

"Windows XP is fully affected by all of 5 updates, and there's extremely no reason to expect this image to change; Windows XP can still be wedged by the bulk of vulnerabilities found within the Windows ecosystem, however you'll not be able to address the problems any longer," blogged Qualys CTO Wolfgang Kande. "Windows XP is obtaining its penultimate update and is currently very close (just over thirty days) to its declared end of life date."

"So you wish a technique for the XP machines remaining in your infrastructure," Kande wrote. "We area unit still seeing a major variety of XP machines in our scans."