February 11 was “Safer Internet Day,” a world-wide event organized to promote “more responsible use of online technology …”
I’d rather have a safe Internet year, which always includes keeping Internet Explorer up to date — along with adding other critical security fixes.
A slew of IE fixes for possible remote attacks
Celebrating Safer Internet Day (site) is all well and good, but staying safe throughout the year requires slogging through Windows and application updates. This Patch Tuesday’s Internet Explorer patch fixes 24 vulnerabilities, most susceptible to remote code-execution exploits.
KB 2909921 is a critical update for IE versions 6–11, on all supported Windows workstations.
If you’re still running IE9, KB 2909921 will fix a related VBScript threat. But all other supported versions of IE need KB 2928390, discussed in the next item.
Those of you who have Microsoft’s Enhanced Mitigation Experience Toolkit (EMET, site) installed (with the default settings) are already protected from drive-by attacks (more info) that might exploit this bundle of vulnerabilities. Nevertheless, I recommend keeping IE up to date, even if you use another browser such as Chrome or Firefox. As I’ve noted numerous times, IE is deeply integrated into the Windows operating system.
What to do: Attacks using the vulnerabilities patched by KB 2909921 (MS14-010) could appear soon. Install this update when offered.
MS14-011 (2909210, 2909212, 2909213)
Web browsers scripting up more risks