Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity

    Microsoft Patches 37 Vulnerabilities in August Update

    By
    Sean Michael Kerner
    -
    August 13, 2014
    Share
    Facebook
    Twitter
    Linkedin
      Microsoft Patch Tuesday

      Microsoft today delivered its monthly Patch Tuesday update, providing fixes for 37 unique common vulnerabilities and exposures (CVEs)—26 of which affect Microsoft’s Internet Explorer.

      The 25 CVEs for IE are all patched inside the MS14-051 security bulletin. In the bulletin, Microsoft notes that 25 of the CVEs were privately reported and one CVE was previously publicly disclosed. The one publicly disclosed IE vulnerability is identified as CVE-2014-2819.

      “These vulnerabilities are caused when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges,” Microsoft warned in its security bulletin.

      Alongside the August Patch Tuesday update, Microsoft has also created a new rating for its exploitability index. Microsoft first debuted its exploitability index back in 2008 as a way to help inform end-users about the likelihood that a vulnerability could be exploited. Starting with this month’s Patch Tuesday, Microsoft has now added a new 0 rating, which is being used for the MS14-051 bulletin. The 0 rating means that the exploitation of vulnerabilities has been detected.

      “The 0 rating on the exploitability index is long overdue and a great addition,” Tyler Reguly, manager of security research at Tripwire told eWEEK. “This is a good way for people to quickly look and see what is a risk for them today, instead of having to read the full bulletin to make that determination.”

      Eric Cowperthwaite, vice president, advanced security and strategy, Core Security, told eWEEK that he likes the addition of the 0 designation for the exploitability index. “It’s good that Microsoft is being very explicit that something is currently being exploited in the wild,” Cowperthwaite said. “Security teams, IT operations teams, etc., need to pay very close attention to anything with a 0 designation; it’s serious and needs attention.”

      With the MS14-051 update, Microsoft is now enabling a critical new security feature in IE. The new feature is the ability to block outdated ActiveX browser controls, which can be a potential path to user exploitation. While the feature is enabled in the new IE patch, Microsoft is not yet actually blocking anything for 30 days.

      “Based on customer feedback, we have decided to wait 30 days before blocking any out-of-date ActiveX controls,” a Microsoft spokesperson told eWEEK.

      The spokesperson explained that IE users can employ the new logging feature to assess ActiveX controls in their environment, and deploy group policies to enforce blocking, turn off blocking ActiveX controls for specific domains or turn off the feature entirely depending on their needs

      “The feature and related group policies will be available Aug. 12, but no out-of-date ActiveX controls will be blocked until Tuesday, Sept. 9,” the spokesperson stated.

      Wolfgang Kandek, CTO of Qualys, said the new ActiveX blocking technology will be a a positive addition to the IE security landscape.

      “It is a lightweight, common sense mechanism to get quick relief out,” Kandek told eWEEK. “IE will check every 12 hours for a new version of the file, and that will enable Microsoft to provide quick fixes for common attacks as they are documented.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×