Microsoft Set to Update IE (Again) for August Patch Tuesday
Microsoft has issued its advanced notification for the upcoming Patch Tuesday update cycle, set to be released on Aug. 13. I personally have never been a big fan of the advanced notification because, quite frankly, the information is somewhat vague and I prefer to just wait for the real deal and all the related important vulnerability information.
While the advanced notification is short on real details, it does provide a trending indication of what we should expect in general terms. This month, Microsoft is set to issue eight new security bulletins, three of which are rated as being Critical (the highest rating of severity for a Microsoft bulletin). Paul Henry, security and forensics analyst at Lumension, noted that at this time last year there were 35 total critical bulletins issued for the year-to-date. In contrast for the year-to-date in 2013, the number of critical bulletins has declined to 25.
Of those three bulletins rated critical in the upcoming August 2013 Patch Tuesday update, one in particular has my interest. Once again, Microsoft is patching its often attacked Internet Explorer Web browser.
I got a great email comment from Lamar Bailey, director of security research and development at Tripwire, about the recent spate of IE updates on Patch Tuesday. He wrote:
"Are you ready to patch IE again next week? Maybe we should rename patch Tuesday to the IE security update since we see them every month now."
Bailey is, of course, quite correct.
In the July Patch Tuesday update, Microsoft addressed a zero-day flaw alongside 17 additional vulnerabilities in IE. That's on top of 19 flaws in IE that Microsoft patched in June. In May there was another 12 IE security issues patched in that month's Patch Tuesday.
So just doing the simple math, over the last 90 days, Microsoft has already issued fixes for at least 48 flaws in IE.
On the positive side of this (always look on the bright side!), to the best of my knowledge there have not been 48 zero-day flaws in IE that have been publicly exploited over the last 90 days. Most of the flaws are responsibly disclosed and Microsoft is responsibly handling fixing flaws too.
Patch Tuesday sometimes brings a surprise or two, with things showing up that were not on the advance notification. We'll have to wait until Tuesday, Aug. 13, to see if that will be the case this time around.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.