Yesterday was Patch Tuesday, that day we all come to both anticipate and fear, as Microsoft rolls out fixes for its various software, such as Windows and Internet Explorer. It is not a day to take lightly — while the company fixes problems, it also occasionally breaks something. But, while endless reboot cycles are not unheard of, they are also not the norm, and users are encouraged to install these fixes.
This month brought the usual mix of critical and non-critical vulnerabilities. However, according to security researchers at Sophos, it was a bit more important this time around.
“In Microsoft’s words, ‘the most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer’. In street-speak, that’s what is known as click-to-own: I send you a link, you visit it, and I win automatically and immediately”, Sophos announces.
The fact is, critical or not, these patches all work together to fix a much larger problem. In this case that was ASLR (address space layout randomization) bypasses and RCE (remote code execution) holes. According to Sophos, “RCE holes give you the possibility of getting in; ASLR bypasses help you turn that possibility into a reality”.
All of this month’s patches work, at least somewhat, in conjunction. So, while these updates are always important, Sophos seems to think this month is a bit more so.