The Internet Explorer team at Redmond has had a busy few weeks. The company has just released its Patch Tuesday updates for March 2014, and they address no less than 18 issues in the web browser.
All but two were privately reported, and one of the public vulnerability is reportedly being used to by cybercriminals to attack computers running Internet Explorer 10.
This zero-day vulnerability affecting Internet Explorer was first reported in February, and it is taken care of in the MS14-012 bulletin. Microsoft confirmed a month or so back that this issue allows remote code execution if a user views a specifically crafted webpage using an affected version of the browser.
This is what Microsoft has to say in a security advisory:
“An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
Other than these two public issues, sixteen privately reported flaws are also fixed in this update that is tagged Critical by the software titan, for Windows and Windows Server.
At the same time Microsoft also worked with Adobe to resolve some privately disclosed vulnerabilities in Adobe Flash Player for Internet Explorer 10 and 11 on Windows 8 and 8.1.
All these updates are automatically being delivered to computers via the Windows Update feature.