Dajbych.net


Updating IE 11.0.3 to Windows Update

, a minute to read

windows update logo

The February cumulative security update for Internet Explorer 6, 7, 8, 9, 10, and 11 is available on Windows Update. It fixes one publicly known vulnerability and twenty-three potentially dangerous vulnerabilities that were reported in time before they were publicly discovered. The most serious vulnerabilities relate to remote code execution if a user visits an attacker’s website. The user can then gain the same rights as the user.

Users with UAC (User Account Control) enabled are better protected against attacks. The update is on Windows Update, so you don't need to take any special action if you have automatic updates enabled. Otherwise, I recommend deploying this update as soon as possible, because the most vulnerable systems are in the time between the disclosure of the vulnerability and the installation of the security update.

Twenty-one vulnerabilities relate to memory corruption. One made the page visible to scripts from another domain or zone. The next one was in the VBScript interpreter. The latter allowed scripts to use elevated privileges when checking installation files and writing to the registry.

The update is rated critical for Windows client, recommended for Internet Explorer 6 and 7 on Windows Server, and important for Internet Explorer 8, 9, 10, and 11 on Windows Server.

For more information, see Security Bulletin MS14-010.

I wrote the article for TechNet Blog CZ/SK.