By Susan Bradley
It seems like every other month is an especially large Patch Tuesday, but this week’s is the largest we’ve ever had.
The flood of patches — including fixes for Internet Explorer — leaves no room for the update chart in the newsletter; you’ll find it in the Windows Secrets Lounge via the link at the bottom of this story.
MS11-018 (2497640), MS11-019 (2511455), MS11-020 (2508429)
Start with these three critical updates
Because of the volume of updates this month, I’ve organized them by priority, starting with the three most critical: one for Internet Explorer (MS11-018; KB 2497640) plus two for Microsoft’s SMB Client (MS11-019; KB 2511455) and SMB Server (MS11-020; KB 2508429).
The update detailed in MS11-018 affects Internet Explorer Versions 6–8 but not IE 9. Even so, I recommend that businesses hold off on IE 9 until I finish testing it. (I’ll report my findings later this month.) In the meantime, Microsoft has already rolled out a preview of IE 10, as announced on an MSDN IEBlog page.
These IE patches were no surprise: they fix flaws revealed at the Pwn2Own hacking contest held during the recent CanSecWest Security conference. As noted in a Microsoft SRD blog, it took three blended vulnerabilities to attack a fully patched IE 8 machine. However, more IE 8 patches are in store, according to the blog — Microsoft is still testing additional vulnerabilities that do not pose a direct threat.
The patch also contains five nonsecurity fixes, including one for an IE 8 flaw that causes the browser to flicker on some computers with hybrid graphics.