This month's Microsoft Patch Tuesday has almost arrived. This time out the tech giant has given advance notification that there will be seven fixes rolled out including two critical patches. The issues that are tackled by these patches are remote execution bugs in Windows, Internet Explorer (versions 6-11 depending on OS level), Office and Lync. I should note that the two critical patches require a system restart after they are applied.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
- Set Internet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones- Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone- Install EMET, The Enhanced Mitigation Experience Toolkit (EMET) enables users to manage security mitigation technologies that help make it more difficult for attackers to exploit vulnerabilities in a given piece of software. EMET helps to mitigate this vulnerability in Internet Explorer on systems where EMET is installed and configured to work with Internet Explorer. For more information about EMET, see The Enhanced Mitigation Experience Toolkit.