Internet Explorer Flaw Finally Fixed in June Patch Tuesday

Tom's Guide / Jill Scharr

Updated June 9, 2014 at 2:21 PM

Internet Explorer Flaw Finally Fixed in June Patch Tuesday

It's almost that time of the month — time for Patch Tuesday! It's that special day when Microsoft releases its latest upgrades and security fixes. This Patch Tuesday, June 10, Microsoft is expected to release a patch for an Internet Explorer 8 bug it allegedly knew about six months ago.

A total of seven security bulletins were included in Microsoft's customary pre-Patch Tuesday alert, two of which have been given a "critical" severity rating, the highest possible.

MORE: Best Antivirus Software 2014

Microsoft designates as critical flaws those that allow remote code execution without the knowledge of the legitimate user. In such a scenario, an external attacker could seize control of a targeted computer and (usually) gets all the same system permissions as did the hapless user who was logged in when the attack began.

The first critical bulletin concerns the now-infamous Internet Explorer 8 bug, disclosed a few weeks ago by Hewlett-Packard's Zero Day Initiative (ZDI), a "bug bounty" program that rewards experts who discover and disclose security vulnerabilities. Allegedly, ZDI contacted Microsoft back in October about a serious flaw in IE 8 (and only IE 8; other versions of Microsoft's browser appear unaffected by this particular flaw).

ZDI says Microsoft never responded, so according to ZDI's policy of publicly disclosing bugs within 180 days of discovery, program administrators disclosed the issue in late May.

IE 8 is the last version of Internet Explorer that is compatible with Windows XP, which Microsoft stopped supporting in April. Did Microsoft retire XP knowing that a serious vulnerability remained on one of XP's main programs?

In response to ZDI's disclosure, Microsoft responded that it would patch this IE 8 flaw, but didn't specify when. Microsoft security manager Dustin Childs confirmed in a blog post that Bulletin One is about that fix; it deals with remote code execution on all supported versions of Internet Explorer (6 through 11) on all supported versions of desktop Windows (Vista, 7, 8 and 8.1, and RT and RT 8.1) and Windows Server (2003, 2008, 2008 R2, 2012, 2012 R2 and Server Core).

Bulletin Two deals with a critical flaw in Microsoft Windows, Office and Lync (an Office-bundled instant-messaging client). It affects all supported versions of Windows Server as well as Microsoft Office 2007 Service Pack 3, Office 2010 Service pack 1 and 2, Microsoft Live Meetings 2007, Microsoft Lync 2010 and Lync 2013.

The other five bulletins are all rated "Important," the second-highest severity rating. Bulletin 3 appears to be the most serious, as it also involves remote code execution, but it only affects Microsoft Word 2007 Service Pack 3 and Office Compatibility Pack Service Pack 3.

We won't know until Tuesday afternoon exactly what's going on with this flaw, but in the past, remote-code-execution flaws have been deemed "Important" rather than "Critical" if user action is necessary for a successful exploit.

Bulletins 4 and 5 deal with information disclosure, or when software doesn't adequately protect data that passes through it, leading to "leakage" of information. The first concerns the most recent updates of older software — desktop Windows Vista Service Pack 2 and Windows 7 Service Pack 1, and Windows Server 2003 Server Pack 2, 2008 Service Pack 2 and 2008 R2 Service Pack 1 — as well as the current desktop Windows 8 and 8.1, tablet RT and RT 8.1, and Windows Server 2012. Bulletin 5 affects Lync Server 2010 and Lync Server 2013.

Bulletin 6 deals with a denial-of-service flaw on desktop Vista Service Pack 2, Windows 7 Service Pack 1, Windows 8 and Windows 8.1, tablet RT and RT 8.1, and Windows Server 2008 Service Pack 2, 2008 R2 Service Pack 1, 2012 and 2012 R2.

And finally, Bulletin 7 has to do with a tampering flaw on Microsoft Windows 7, Server 2008 R2, 8, 8.1, Server 2012 and 2012 R2.

We'll post on Patch Tuesday when the updates themselves come out, along with more detailed explanations of the issues they address.

Email jscharr@tomsguide.com or follow her @JillScharr and Google+. Follow us@TomsGuide, on Facebook and on Google+.

Yahoo Sports
Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race
The value of the Dolphins and Formula One racing is enormous.
Yahoo Sports
What scouts think of Bronny James' NBA prospects
The biggest question looming over the NBA draft combine this week: How will Bronny James do?
Yahoo Sports
2024 NBA Mock Draft 7.0: Who will the Hawks take at No. 1? Our projections for every pick with lottery order now set
With the lottery order set, here's a look at Yahoo Sports' projections for both rounds of the 2024 NBA Draft.
Yahoo Sports
Your favorite WNBA rookies didn’t make the cut. So what’s their path back to the league?
For rookies who were waived, the climb to their pro dreams is steeper, but the path ahead is well-worn with trail markers of established success.
Yahoo Sports
NFL schedule release: Chiefs to host Ravens in 2024 season opener
Chiefs vs. Ravens on Sept. 5 will be a rematch of last season's AFC Championship Game.
Yahoo Sports
The Spin: Making a call on 5 slumping fantasy baseball stars
All five of these hitters were drafted highly in fantasy baseball leagues. So far, they have not lived up to their ADPs — and that's an understatement. Scott Pianowski analyzes.
Yahoo Sports
Where does Jared Goff’s $212M extension leave Dak Prescott and Cowboys?
In one scenario, Dallas makes Prescott the highest paid player in NFL history. In another, the Cowboys decline that commitment, at which point another team will make him the top paid player in NFL history.
Yahoo Finance
Utility stocks are on fire — here are Wall Street analysts' top picks
Utility stocks are outperforming the broader markets. Here's a look at three top picks from analysts.
Yahoo Sports
Former MLB infielder, Little League World Series star Sean Burroughs dies at 43
The seven-year major leaguer collapsed while coaching his son's Little League game on Thursday.
Yahoo Sports
MLB Power Rankings: Phillies lead Dodgers, Braves as trio of NL contenders top this week's list
Here's a look at the rookies who have stood out on each team through the first quarter of the 2024 season.
Autoblog
Best used cars to buy in 2024: From trucks and SUVs to EVs
The best used cars to buy in 2024 include small and midsize cars, trucks, crossovers and SUVs, and even a couple of used electric cars.
Yahoo Finance
Here's 1 big investing mistake you are probably still making
Maybe a 5% CD isn't the best choice for your hard-earned money.
Yahoo Sports
The best RBs for 2024 fantasy football, according to our experts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
Yahoo Sports
Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’
The 2024 Yankees have rediscovered their bravado and hold the second-best record in the AL, thanks in large part to the superstar outfielder.
Engadget
The best budgeting apps for 2024
Budgeting apps can help you keep track of your finances, stick to a spending plan and reach your money goals. These are the best budget-tracking apps available right now.
Yahoo Sports
Lions reportedly sign QB Jared Goff to 4-year, $212 million extension
The Detroit Lions have had a busy offseason, and that continued on Monday with the reported extension of quarterback Jared Goff.
Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Yahoo Sports
Architect of PGA-LIV framework agreement resigns in frustration: 'No meaningful progress' toward a deal
Jimmy Dunne cited 'no meaningful progress' being made in negotiations between the PGA Tour and LIV Golf as a reason for his resignation.
Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Yahoo Sports
Fantasy Baseball Trade Analyzer: Buy into a pair of Astros sluggers
Fantasy baseball analyst Fred Zinkie offers up his top buy low/high and sell low-high candidates for Week 6.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Internet Explorer Flaw Finally Fixed in June Patch Tuesday

Recommended Stories

Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race

What scouts think of Bronny James' NBA prospects

2024 NBA Mock Draft 7.0: Who will the Hawks take at No. 1? Our projections for every pick with lottery order now set

Your favorite WNBA rookies didn’t make the cut. So what’s their path back to the league?

NFL schedule release: Chiefs to host Ravens in 2024 season opener

The Spin: Making a call on 5 slumping fantasy baseball stars

Where does Jared Goff’s $212M extension leave Dak Prescott and Cowboys?

Utility stocks are on fire — here are Wall Street analysts' top picks

Former MLB infielder, Little League World Series star Sean Burroughs dies at 43

MLB Power Rankings: Phillies lead Dodgers, Braves as trio of NL contenders top this week's list

Best used cars to buy in 2024: From trucks and SUVs to EVs

Here's 1 big investing mistake you are probably still making

The best RBs for 2024 fantasy football, according to our experts

Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’

The best budgeting apps for 2024

Lions reportedly sign QB Jared Goff to 4-year, $212 million extension

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

Architect of PGA-LIV framework agreement resigns in frustration: 'No meaningful progress' toward a deal

The FDIC change that leaves wealthy bank depositors with less protection

Fantasy Baseball Trade Analyzer: Buy into a pair of Astros sluggers