Microsoft patches critical drive-by IE9 bug, Windows zero-day
But what got Miller and Storms to pay attention wasn't so much the IE9 update as the fact that it followed June's cumulative patch for Microsoft's browser.
Microsoft has long used an every-other-month tempo for IE updates, shipping patches for its browser only in even-numbered months. Today, the company quit that habit.
"We have ... increased our Internet Explorer resources to the point where we will be able to release an update during any month instead of on our previous, bi-monthly cadence," said Yunsun Wee, a director in Microsoft's Trustworthy Computing group, in a post to the Microsoft Security Response Center (MSRC) blog.
Storms praised Microsoft's decision to ditch the bi-monthly updates. "IE is the most-used application in Windows, so it ought to be updated as soon and as often as possible," he said.
Miller agreed. "Bi-monthly is just too long between updates," Miller said. "I'd rather have it patched sooner than later."
Other browsers, notably Google's Chrome and, to a lesser extent, Mozilla's Firefox, have been patched much more frequently than every other month: Chrome often receives several security updates each month, while Firefox is regularly patched every six weeks.
While some researchers assumed that Microsoft has added staff to streamline its testing of IE updates -- and thus be able to turn around patches faster -- Storms did not. Instead, he saw the shift to possible monthly IE patching as simply a mechanism for getting out fixes as they're completed, rather than waiting for the next bi-monthly cycle.
Also on the top-three list of Microsoft, Miller and Storms is MS12-045, a one-patch critical update for Microsoft Data Access Components (MDAC), code that lets Windows access databases such as Microsoft's own SQL Server.
MDAC was last updated by Microsoft in August 2011.
"All three of the critical updates patch vulnerabilities that can be effectively exploited through the browser, including MS12-045," said Storms. Because such attacks do not require any user interaction -- other than to be suckered into surfing to a malicious site -- they're dubbed "drive-by attacks," and as such are considered the most dangerous to users and the most likely to be leveraged by attackers.
Microsoft also patched SharePoint, its enterprise-grade collaboration platform; Office for Mac 2011, the newest edition of that suite; Visual Basic for Applications; and other parts of Windows, including kernel mode drivers and the Windows Shell.
July's nine security updates can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through WSUS.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is firstname.lastname@example.org.