Microsoft released its monthly security update today that fixes a critical flaw in Internet Explorer (IE).
Users are being advised to update their systems following the release of Microsoft’s monthly Patch Tuesday security update, as the May edition includes a critical fixes for zero-day vulnerability in IE and one other flaw rated by the company as a critical security risk.
If exploited, the flaws could allow an attacker to remotely execute code on a targeted system.
Microsoft has listed the critical patches as a top deployment priority as do most of us in the industry.
The flaws impacted every current supported version of both IE and Windows, along with the zero-day status make the deployments an important fix for all users.
Other security issues addressed in the update include eight bulletins rated by Microsoft as important security risks. The flaws include remote code execution as well as a denial of service and another elevation of privilege flaw which could prove to be bigger issues for some customers.
Administrators of Windows Server 2012 systems need to patch as a flaw in the HTTP.sys component could be targeted to perform denial of service attacks, possibly crippling a system and preventing user access for the duration of the attack.
Similarly, a flaw in Windows XP could be exploited in conjunction with other attacks.
Windows XP is not recommend to be run as the dated platform has security concerns, such as an attacker could potentially target one of the Internet Explorer flaws to access a system and then target the elevation privilege flaw to gain total control over the system and potentially wreak further havoc.
Support for Windows XP is ending on April 8, 2014. If you’re running this version after support ends, you won’t get security updates for Windows.