Security
Now Reading
KB3087985 and KB3088903 Windows Updates fix security issues in Internet Explorer versions 7 to 11
0

KB3087985 and KB3088903 Windows Updates fix security issues in Internet Explorer versions 7 to 11

by AshwinAugust 19, 2015

Microsoft has rolled yet another Windows Update today.

KB3087985-Windows-Update

But the latest update, isn’t exclusive to Windows 10.

The update is being rolled out to all supported versions of Windows, from Vista to 10. This is because a security vulnerability has been found, which affects Internet Explorer 7 to 12.

The vulnerability which has been found, is once again related to remote code execution. This could allow an attacker to breach a computer, when the user visits a malicious webpage. The attacker, will then gain the same user rights as the current user. Naturally guest users, will have limited rights, and these accounts may not be as severly affected, as users who had admin rights, which gives the attacker full access to the system.

The KB3088903 security update fixes the loophole, by changing the way Internet Explorer handles objects in memory. If this issue sounds a bit familiar, your guess is correct. About eight days ago, Microsoft rolled out a Cumulative Update for Windows 10, called KB3081436, which contained several updates, two of which are noteworthy ones: KB3084525 and KB3082442. These security patches, were supposed to fix the issue mentioned above (reported in the Microsoft Security Bulletin MS15-091) in Microsoft Edge, and Internet Explorer on Windows 10.

How the KB3088903 Windows Update will be delivered to users:

For Windows 10:

KB30814444 which was rolled out to Windows 10 today, contains the KB3088903 Windows Update. And yes, this is a cumulative update once again,  which requires the user to restart the computer from the Settings App.

Windows Vista, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1

All other versions of Windows (from Vista to 8.1) will get the KB3087985 security update instead, which fixes the issue. Unlike the update for Windows 10, KB3087985 is not a cumulative update. Users must first install the pre-requisite KB3078071 update, which was released a week ago, on August 11, and then install KB3087985, in that order.

You can wait for Windows Update to download the update automatically, or manually check for updates. You can also download and install the update manually from the Microsoft Security Bulletin MS15-093 page. Scroll down to the “Affected Software” section and choose the update according to the Windows version and bit-architecture of your computer.

Note: Microsoft has marked these updates as critical ones, and so I would advise readers, to install it as soon as possible to secure your computers. There are no reported workarounds for the vulnerability, available at the moment.

Leave a Response