Critical Windows And IE Vulnerabilities: Microsoft to Dispatch Updates; Fix For 'Zero-Day Vulnerability' on the Way


Windows XP is set to get its penultimate patch on Tuesday. According to the Microsoft Security Bulletin Advance Notification (March 2014), there will be a total of five updates released this week, two of them addressing "critical" vulnerabilities.

Microsoft said the "zero-day" vulnerability in Internet Explorer will be fixed in this set of updates.

What Is a Zero-Day Vulnerability?

According to PCtools, a zero-day vulnerability is a flaw in software that is unknown to the vendor. Hackers exploit this security hole before the vendor becomes aware of it and hurries to fix it. Such an exploit is called a zero-day attack. Zero-day attacks are used to infiltrate malware or spyware, or to allow unwanted access to user data. The term "zero day" refers to the flaw being unknown to everyone other than the hackers, specifically the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect the users.

The vulnerability received a temporary patch from Microsoft in February, after researchers from FireEye revealed that it was being served up in a compromise of a U.S. veterans' Web site, as reported by SCMagazine.

What Are the Updates?

According to The Inquirer, Wolfgang Kandek (CTO of security firm Qualys) said, "Priority one should be the two 'critical' patches. Bulletin one for all versions of 'Internet Explorer', starting with v6 all the way to v11 and bulletin two for 'Windows', affecting all Windows OS versions from Windows XP to Windows Server 2012, with the exception being Windows RT."

Bulletins three and four will address important but not critical vulnerabilities in Windows, and bulletin five will be for users of Silverlight on Mac and Windows.

The critical bulletin in the March Patch (Tuesday) updates the January bulletin.
