News Stay informed about the latest enterprise technology news and product updates.

Microsoft issues fixes for Internet Explorer, Group Policy

Microsoft issued patches across nine bulletins for February's Patch Tuesday update. The company fixed issues within Group Policy and Internet Explorer.

Microsoft is sending Windows Server admins some security love this month with a number of Patch Tuesday updates...

covering a large number of vulnerabilities.

This month's round of security fixes includes three critical updates and six important updates. All three critical updates address remote code execution vulnerabilities.

One critical update addresses 41 reported vulnerabilities in Internet Explorer (IE). These vulnerabilities could be exploited if end users visit a malicious website using the browser. All supported versions of IE are affected.

The larger number of vulnerabilities is likely because there were no fixes in last month's batch of patches, said Wolfgang Kandek, CTO of Qualys, Inc., a cloud security and compliance software provider based in Redwood Shores, Calif.

There is one publicly exploited exploit, which would be used in conjunction with another exploit, Kandek said.

Another critical fix addresses a Group Policy vulnerability in Windows Server. The vulnerability could be exploited if end users with a domain-configured system connect to a network the attackers already control. Windows Server 2003 and higher as well as Windows 7 and higher are affected.

However, Windows Server 2003 did not receive a patch, because issuing an update would require re-architecting "a very significant amount" of the operating system, the company said in an update FAQ. The company added that workstations connected to untrusted networks are most at risk for this vulnerability.

Group Policy patches are a rarity for the company, Kandek said.

"Group Policy is only used within companies, you'd have to pose as the domain," Kandek said. "It would have to be used in conjunction with another exploit."

Kandek said he anticipates that there could be more exploits in the realm of Group Policy down the line.

The final critical update fixes six kernel-mode driver vulnerabilities in multiple versions of Windows and Windows Server. These vulnerabilities could be exploited if end users open malicious documents or websites with TrueType fonts embedded in them.

There are six important fixes in this round of Patch Tuesday updates that address a number of vulnerabilities. Another Group Policy fix appears in a security feature bypass vulnerability affecting multiple versions of Windows Server. The vulnerability could be exploited if attackers corrupt a policy file in the Group Policy Security Configuration Engine, which will force Group Policy settings to revert back to a potentially less secure status.

Another important update includes a fix for an elevation of privilege vulnerability in Virtual Machine Manager (VMM). The vulnerability could be exploited if attackers log on to the system using valid Active Directory logon credentials. This update only affects System Center 2012 R2 VMM Update Rollup 4.

Other important updates address vulnerabilities in Office, Windows and the Microsoft Graphics component. The complete list of this month's security fixes can be found here.

Dig Deeper on Windows Server and Network Security

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

3 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Is it just me or why do we not hear this much on the other browsers like Firefox, Chrome, Opera having this many security flaws. I was never a big fan of IE. In the past it was Netscape, then Firefox and now Chrome is my browser of choice. 
Cancel
Internet Explorer should just be renamed to "Obsolete Browser" at this point, honestly. Unfortunately for common users, Microsoft clearly can't maintain an Internet browser.
Cancel
IE reminds me of a VCR blinking 12:00.. Some people just live with it instead of fixing the problem. There are other options but some just don't know or do not want to be bothered stopping the madness...
Cancel

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchEnterpriseDesktop

SearchVirtualDesktop

Close