This month’s Patch Tuesday can be considered lighter than
last month’s, with only
eight security bulletins released for June. Of the eight, two are considered Critical while the remaining are rated Important.
Just like last month, there is a critical, cumulative update for Internet Explorer.
MS015-056 aims to resolve vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. According to the bulletin, the patch addresses the vulnerability by:
- Preventing browser histories from being accessed by a malicious site
- Adding additional permission validations to Internet Explorer
- Modifying how Internet Explorer handles objects in memory
The first bullet point above is worth paying attention to. Previously, it was possible for an attacker who lured a victim to a malicious (or compromised) web site and access the user’s browser history. Obviously, many users would find this disclosure somewhat troubling. This vulnerability has now been patched, and there are no indications it was exploited in the wild.
