IE Security Update - updated

I did my updates this morning. Windows 7 IE 11. There were two updates to do. I checked both boxes and everything went well.
Don

epmes wrote:

Third, of course IE has vulnerabilities. All large software packages have vulnerabilities. What's ironic about some guidance is that people seem to think that Chrome and Firefox are without problems, when in fact they have significantly MORE vulnerabilities than IE. Check Secunia Vulnerability Review or the Symantec Internet Security Threat Report or go straight to the US National Vulnerability Database and do your own searches if you don't believe me. The truth is that if someone wants to target your company, they'll target exploits against whatever browser, OS, and other software you're using. IE consistently comes up as more secure than other browsers in security tests--which is why nearly all governments, financial institutions, etc. use IE in the first place--but it's hard to stack up empirical evidence against some guy in a relative's computer club.

Browsers are among the most patched applications for vulnerabilities, as they have become a chief vehicle for malware exploits. And the data appears to indicate that both Chrome and Mozilla required more security patches for vulnerabilities than IE.

Source: GFI.com

But, according to the latest 2013 compiled annual data from the mentioned US National Vulnerability Database, IE had the most number of high reported vulnerabilities, as compared to either Chrome or Firefox. Along with the highest percent increase of vulnerabilities from the previous year. Chrome also saw a significant jump, while Firefox was on the decline.

In a way, I can understand that the openness of Firefox and Chrome architecture, especially to third party access of extensions, can lend itself to requiring more ongoing security patching. But the tighter integration of IE to the OS can also possibly lead to unique security issues, not present in other browsers.

Personally, I prefer Firefox as I can harden the security of personal info/settings files such as passwords through separate encryption quite easily. Can even do so with Chrome, though not as straight forward. However, cannot easily do so in IE without encrypting the entire application, not to mention possibly the OS itself.

As for which browser has required the fewest security patches for vulnerabilities? It's more likely Safari.

Just successfully updated my systems, though my WIN 7 desktop updates would freeze when trying to download and install any of them. Turns out it was likely due to the downloads being corrupted, though don't believe it was on Microsoft's end. Suspected it may be either my AV or firewall, but turns out the likely culprit was a network bandwidth monitoring app that was somehow corrupting packets.

The solution was to stop both Windows Updates and Background Intelligent Transfer Services in services.msc, and deleting all cache files in Windows SoftwareDistribution folder. Rebooted and allowed Windows to re-build those files. Windows Updates now works normally. But didn't realize my desktop was missing almost a month of updates due to this issue.

ChopperBill wrote:
My dad belongs to a computer club. Here is an part of an email he got from one member.
"Microsoft will issue a patch for IE on Tuesday which will fix the program code exploit for all versions of IE and for all versions of Windows. My advice is to be sure to install the patch (Windows Update) on Tuesday or Wednesday. Then quit using IE forever and switch to Chrome or Firefox. Hackers will continue to find weaknesses in IE in the future exposing users to exploits."

Sorry, this is technically inaccurate on a few fronts.

First, the patch was issued yesterday (Thursday) and pushed out through Automatic Updates. It does have prerequisites, though, and assumes that you've been updating your system with other security updates. If you haven't, AU will install those updates first.

Second, we haven't announced what will be in the Patch Tuesday update yet. That's the second Tuesday of the month, not this coming Tuesday, so it's still 11 days away.

Third, of course IE has vulnerabilities. All large software packages have vulnerabilities. What's ironic about some guidance is that people seem to think that Chrome and Firefox are without problems, when in fact they have significantly MORE vulnerabilities than IE. Check Secunia Vulnerability Review or the Symantec Internet Security Threat Report or go straight to the US National Vulnerability Database and do your own searches if you don't believe me. The truth is that if someone wants to target your company, they'll target exploits against whatever browser, OS, and other software you're using. IE consistently comes up as more secure than other browsers in security tests--which is why nearly all governments, financial institutions, etc. use IE in the first place--but it's hard to stack up empirical evidence against some guy in a relative's computer club.

Much better advice would be to not click on email links that take you to sites you don't know or trust, and update your systems. This is always good advice, and would prevent this kind of attack in the first place.

Disclaimer: I work for Microsoft, and it's been a long week.

Did my laptop and desk top both win 7, both updated ok.The desk top was 4 updates three dated 5-2 and one dated 5-1.

ChopperBill wrote:
My dad belongs to a computer club. Here is an part of an email he got from one member.
"Microsoft will issue a patch for IE on Tuesday which will fix the program code exploit for all versions of IE and for all versions of Windows. My advice is to be sure to install the patch (Windows Update) on Tuesday or Wednesday. Then

quit using IE forever

and switch to Chrome or Firefox. Hackers will continue to find weaknesses in IE in the future exposing users to exploits."

X2
I switched to Firefox for just that reason THEN my stupid bank revamped their website and will NOT work 100% unless you use IE. :R

I'm on the road 1,500 miles away from a branch bank. I can't deposit, can't transfer etc. They told me to use my cell phone for my banking because their site seems to work from mobile banking. Ya right I will be doing my banking on my open cell phone.

What WAS this well known bank thinking making their online banking only compatible with IE and especially with all the news of compromised sites.

"I" am starting think there is something fishy with all this and the big G has got some fingers in it. Microsoft did announce that the biggest customer they have for XP is banks, government offices, etc. and they can't switch over so Microsoft said they will still continue to patch IE for them. Hmmm.

Hey Gdetrailer, good catch on the TechNet article. I checked my update history and had the prerequisite update installed on 4/16.

My dad belongs to a computer club. Here is an part of an email he got from one member.
"Microsoft will issue a patch for IE on Tuesday which will fix the program code exploit for all versions of IE and for all versions of Windows. My advice is to be sure to install the patch (Windows Update) on Tuesday or Wednesday. Then quit using IE forever and switch to Chrome or Firefox. Hackers will continue to find weaknesses in IE in the future exposing users to exploits."

Per Microsoft

HERE

Customers running Internet Explorer 11 on Windows 7 or Windows Server 2008 R2, must first install the 2929437 update released in April, 2014 before installing the 2964358 update. For more information about this prerequisite update, see Microsoft Knowledge Base Article 2929437.

You may have missed a update which was issued April 2014 or you were not directly connected via network cable (using wireless connection) and the download was corrupted.

Not sure if MS is issuing "fix it" utilities but that was how I managed to correct a corrupted Windows Update which was in an endless loop of failed installs.

Unfortunately MS has severely bungled the update process and fixing it is often frustrating.

You could try running a restore point before the update and see if that clears the problem.