Buyer Beware: No IE Patch Expected Before Christmas Shopping Season

Microsoft may be taking a bit of a breather, but that doesn’t mean an easy month for IT managers this patch Tuesday. Following the biggest patch Tuesday on record last month, Microsoft is catching its breath, with just three bulletins to be issued for November. Only one is critical, but all three may require a re-start.

While it may be a quieter month for patches, there’s still the matter of the Internet Explorer vulnerability that was discovered in the wild being used in ‘drive-by’ hacks that allow an attacker to perform a remote code execution, loading malware onto a visiting user’s network.

Despite this vulnerability affecting IE versions 6, 7 and 8 there continues to be no mention of it and Microsoft, despite issuing a work around, is not expected to release an out of band patch.

This could leave many users waiting for more than a month before they know they are fully protected from this threat, because a work around typically is not implemented by the majority of users. On the run up to Christmas, with industry experts predicting online shopping in the UK to increase by 23 per cent from 2009, it seems rather surprising that Microsoft haven’t prioritised a patch.

In other patch news, Mozilla released Firefox 3.6.12 and Firefox 3.5.15 to patch a vulnerability that had been exploited by malware secretly planted on the Nobel Peace Prize website, which redirected users to a Taiwanese attack server that launched a JavaScript-based exploit, which if successful, planted a Trojan horse on victimized Windows PCs.

Adobe Systems plans to release a patch by Thursday to address a critical vulnerability in Adobe Flash Player. And, a local privilege escalation vulnerability that could allow attackers to execute malicious code with root rights was patched in the newly released Linux kernel 2.6.36.

So it might be a quieter month on the Microsoft front, but IT managers will still have their hands relatively full with a number of other notable patches from Adobe, Mozilla and Linux to contend with.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Alan Bentley is Senior Vice President of International Sales at Lumension Security. In this role, he is responsible for overseeing and driving sales and marketing efforts in Asia Pacific and EMEA. An industry veteran with over 10 years experience in the IT security industry, Alan is responsible for leading teams in EMEA and APAC and elevating brand awareness, thought leadership and increasing market penetration to drive growth in the respective markets. Prior to Lumension, Alan held executive management roles in security organisations based across the UK including Global Secure Systems and Ellipse Distribution. Prior to entering the security industry, Alan held sales roles for MAN Roland, a German based company in the printing industry and Hanson, a UK company in the construction industry. Alan holds a degree from Brunel University with a BA (Hons) in European Business Studies. He also completed his PGCE at Roehampton Institute.