Security Watch

Keeping Track of patches and hacks in the IT security world.

Microsoft's First Patch Tuesday of 2014: No Internet Explorer Fixes?

Have we reached an inflection point for Web-browser security? It will be interesting to see as 2014 progresses, how often Microsoft patches Internet Explorer.

Download the authoritative guide:


Microsoft released its advance notification Jan. 9 for the scheduled Jan. 14, 2014, Patch Tuesday update, and it's surprising for a few reasons.

The advance notification indicates that Microsoft is only planning on releasing four security advisories, which is a relatively low number. For comparison, the final patch Tuesday update from Microsoft for 2013, released Dec. 19, had 11 security advisories fixing 24 flaws.

The four security bulletins that Microsoft plans on releasing are rated important, which is interesting in that it means that there are no planned critical updates for January. The four bulletins include two that affect Microsoft Windows, one for Microsoft Dynamics AX and one that impacts both Microsoft's Office and Server software.

What's missing from the list? A specific advisory for Microsoft's Internet Explorer (IE) Web browser.

IE was part of every Microsoft Patch Tuesday update in 2013. The December 2013 update for IE fixed seven vulnerabilities while the November update patched 11 of them.

Throughout 2013, Microsoft aggressively patched IE for both privately reported vulnerabilities as well as those that were already being exploited in the wild. Currently, so far as I'm aware, there are no major IE flaws that are considered to be zero-day flaws that are presently being exploited by attackers.

Now, the fact that I don't know about any IE zero day flaws, doesn't mean that some do in fact likely exist. The fact that Microsoft has not identified an IE fix in its advance notification for the January Patch Tuesday update also does not absolutely mean that Microsoft won't include a fix that will impact IE either.

It is possible that the security bulletins labeled as affecting Microsoft Windows will, in fact, have an impact that relates to IE.

In the modern world, the browser is the key window to the connected Web that is the Internet, and IE is on the front line in the battle against attackers. It will be interesting to see as 2014 progresses, how often Microsoft patches IE. If the patching rate does slow down, signifying a decline in known vulnerabilities, that would be a welcome trend for Microsoft and its users.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.