IE at risk of malware attacks; 57 flaws in total
Microsoft will release 12 patches for 57 vulnerabilities next week for Windows, Internet Explorer, and Office.
A spattering of enterprise products, including Microsoft Office and Windows Server, and developer tools, such as .NET Framework, will also be patched.
Five of the updates are labeled “critical,” in which malicious code can be remotely executed on users’ machines. Another vulnerability that allows remote code execution is labeled “important.”
The company’s pre-release bulletin warns of two major vulnerabilities for Internet Explorer, which will patch a flaw allowing hackers to run remotely executed code on vulnerable machines. All versions from IE6 to IE10 are affected, including Windows RT-based Surface tablets, which will also need to be updated.
With this in mind, users are advised to switch to another browser for the next few days until the updates are released.
While the software giant normally throws in any Internet Explorer fixes into a monthly update, next Tuesday’s patches will address the severity of the vulnerabilities.
Another critical update will address a flaw in Windows XP, Windows Vista, and Windows Server 2003—but does not affect later versions of the operating system, such as Windows 7 or Windows 8.
The fourth critical vulnerability patches Microsoft’s email server, Exchange, while the fifth critical vulnerability affects only Windows XP-based machines.
In other “important” updates, Microsoft will also patch SharePoint which could be subject to code injection attacks.
Microsoft doesn’t release the full details of the vulnerabilities until patches are made available.
Microsoft’s advisory notice serve as a ‘get prepared’ warning for the upcoming Tuesday, February 12, when the patches are released through the usual update channels, such as Windows Update.