May updates highlight the ongoing vulnerabilities in XP and the continuing push to move Windows 8.1 users to Win8.1 Update.
I’m changing the rules on .NET updates. Windows 8 and Office 2013 users will see another heavy batch of updates; concentrate on the security updates and leave most of the nonsecurity fixes for later.
MS14-029 (2953522, 2961851)
Warm up with the monthly Internet Explorer fix
For Vista, Win7, and Win8 users, KB 2953522 and KB 2961851 are the usual monthly updates for IE. In this instance, the patches fix two new vulnerabilities in IE. Both patches are rated critical for Windows workstations.
For XP users, it’s another reminder that the use of IE is becoming only more dangerous. There are no XP updates for IE — nor will there be for the general public. XP systems are clearly becoming more vulnerable to drive-by attacks via Web browsers.
If you’re still running XP and must go online with IE, I suggest making the following settings changes. Be aware that these are noisy settings — they’ll probably drive you crazy with popup warnings.
- In Internet Explorer, click Internet Options on the Tools menu.
- Click the Security tab.
- Click Internet and then click the Custom level button.
- In the Settings list, scroll down to Scripting (it’s near the bottom of the list) and, under Active scripting, click either Disable or Prompt (see Figure 1). Then click OK.
- Now click Local intranet and then click Custom level.
- In Settings, again scroll down Scripting/Active scripting and click either Disable or Prompt. Click OK.
- Click OK to return to Internet Explorer.
For supported versions of Windows, keep in mind that this is not a cumulative security update. Be sure you’ve installed the earlier updates released in MS14-018 (IE 6, 7, 8, and 10) or MS14-012 (IE 11).