August Patch Tuesday Improves Internet Explorer's Security and Features

| by João Paulo Marques Follow 0 Followers on Aug 27, 2014. Estimated reading time: 1 minute |

In their latest Patch Tuesday, Microsoft issued 9 bulletins covering a total of 37 common vulnerabilities and exposures (CVE) spread across some of their products. This release contains two bulletins marked as critical, MS14-043 and MS14-051. The first relates to a Windows Media Center vulnerability while the last involves Internet Explorer (considered the most important because of the amount and seriousness of CVEs fixed). The remaining seven bulletins are associated to Microsoft Office, SQL server, Windows Server and .Net framework. Each had an "Important" rating from Microsoft and leaves users open to a mix of remote code execution, elevation of privilege and security bypass exploits.

The update for Internet Explorer provides the fixes for 26 CVEs as well as feature improvements. The majority of vulnerabilities concerns to memory corruption issues. The most severe of these could allow for arbitrary remote code execution if a user views a specially crafted Web page. Microsoft said in the security bulletin that: "An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.".

While Microsoft fixed important security flaws some improvements were also included for Internet Explorer 11. Starting with the F12 Developer Tools there was some substantial changes in the user interface, console, DOM explorer, debugger, emulation tool, UI responsiveness and memory profiling tools. The WebGL renderer was updated with support for ANGLE_instanced_arrays, OES_element_index_uint and WEBGL_debug_renderer_info extensions, the failIfMajorPerformanceCaveat context creation attribute, 16-bit textures, more GLSL conformance, and line loop and triangle fan primitives. According to Microsoft this update boosts Khronos WebGL Conformance Test 1.0.3 from 89.9% to 96.8%.

This cumulative update also introduced an out-of-date ActiveX control blocking and the WebDriver standard which Web developers can use to take advantage of tests automation that mimics real user actions. There were some changes in the browser's engine and Microsoft will soon release a separate package to enable the execution of WebDriver scripts.

Rate this Article

Adoption Stage

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread


Login to InfoQ to interact with what matters most to you.

Recover your password...


Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.


More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.


Stay up-to-date

Set up your notifications and don't miss out on content that matters to you