Microsoft Patches 24 Vulnerabilities in Internet Explorer
Once again, Internet Explorer is tagged for the largest share of fixes in Microsoft's monthly Patch Tuesday update.Microsoft came out today with its monthly Patch Tuesday update, this time patching a total of 29 common vulnerabilities and exposures (CVEs). Of the 29 CVEs, 24 are attributed to Microsoft's Internet Explorer (IE) Web browser. All of the IE vulnerabilities are detailed in the MS14-037 security bulletin. While the 24 fixed IE CVEs in the July Patch Tuesday update might seem like a large number, in fact it is less than half of the 59 IE vulnerabilities that Microsoft fixed in the June Patch Tuesday update last month. Of the 24 IE vulnerabilities in IE fixed this month, 10 were discovered by networking vendor Palo Alto Networks. "The Palo Alto Networks threat research team proactively examines widely used software such as Internet Explorer for critical, unknown vulnerabilities," Scott Simkin, senior cyber analyst at Palo Alto Networks, told eWEEK. "We do this through a combination of proprietary automated tools and manual human intelligence."
Palo Alto's research team is committed to ferreting out vulnerabilities, and sharing them with Microsoft for patching, as well as creating protections for its own customers, Simkin said. The 10 vulnerabilities reported by Palo Alto affect IE versions 6, 7, 8, 9, 10 and 11. All of the Palo Alto Networks reported IE flaws are memory-corruption vulnerabilities that could potentially enable a full remote code execution.