BT
x Your opinion matters! Please fill in the InfoQ Survey about your reading habits!

August Patch Tuesday Improves Internet Explorer's Security and Features

by João Paulo Marques on Aug 27, 2014 |

In their latest Patch Tuesday, Microsoft issued 9 bulletins covering a total of 37 common vulnerabilities and exposures (CVE) spread across some of their products. This release contains two bulletins marked as critical, MS14-043 and MS14-051. The first relates to a Windows Media Center vulnerability while the last involves Internet Explorer (considered the most important because of the amount and seriousness of CVEs fixed). The remaining seven bulletins are associated to Microsoft Office, SQL server, Windows Server and .Net framework. Each had an "Important" rating from Microsoft and leaves users open to a mix of remote code execution, elevation of privilege and security bypass exploits.

The update for Internet Explorer provides the fixes for 26 CVEs as well as feature improvements. The majority of vulnerabilities concerns to memory corruption issues. The most severe of these could allow for arbitrary remote code execution if a user views a specially crafted Web page. Microsoft said in the security bulletin that: "An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.".

While Microsoft fixed important security flaws some improvements were also included for Internet Explorer 11. Starting with the F12 Developer Tools there was some substantial changes in the user interface, console, DOM explorer, debugger, emulation tool, UI responsiveness and memory profiling tools. The WebGL renderer was updated with support for ANGLE_instanced_arrays, OES_element_index_uint and WEBGL_debug_renderer_info extensions, the failIfMajorPerformanceCaveat context creation attribute, 16-bit textures, more GLSL conformance, and line loop and triangle fan primitives. According to Microsoft this update boosts Khronos WebGL Conformance Test 1.0.3 from 89.9% to 96.8%.

This cumulative update also introduced an out-of-date ActiveX control blocking and the WebDriver standard which Web developers can use to take advantage of tests automation that mimics real user actions. There were some changes in the browser's engine and Microsoft will soon release a separate package to enable the execution of WebDriver scripts.

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Discuss

Educational Content

General Feedback
Bugs
Advertising
Editorial
InfoQ.com and all content copyright © 2006-2014 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.
Privacy policy
BT