June’s security updates are officially the last for Win8.1. Many of the following updates have separate patches for those who have not moved to Win8.1 Update.
Plus: There’s a new variant of the infamous CryptoLocker: CryptoWall exploits Microsoft’s Silverlight.
MS14-035 (2957689, 2963950)
June’s Internet Explorer update is a doozy
The two patches in MS14-035 fix a whopping 59 IE vulnerabilities. Two of them were publicly disclosed; the other 57 were revealed during investigations of other “in the wild” exploits. XP users should keep in mind that they won’t receive this critical update. (The patches are rated important on servers.)
Windows 8.1 machines that do not have KB 2919355 installed will receive only KB 2963950, if they’re behind a corporate patching platform — as will IE 11/Win7 systems that do not have KB 2929437, an April cumulative IE update. (Note that neither patch is offered via the Microsoft Download Center.)
Also, look for Adobe’s usual Flash Player update typically released on Microsoft’s Patch Tuesday.
What to do: Install either KB 2957689 or KB 2963950 (MS14-035) when offered.
Uninstall to protect from CryptoWall
A headline on an Internet Storm Center forums page caught my attention. It notes that even though the threat of CryptoLocker has faded, a variant called CryptoWall is alive and kicking. It’s using Flash, Java, and Microsoft’s Silverlight to sneak into computers.