Exploits & Vulnerabilities
June Patch Tuesday: Internet Explorer Finally Laid to Rest
The June 2021 Patch Tuesday cycle offers good news to both IT and website administrators.
The June 2021 Patch Tuesday cycle offers good news to both IT and website administrators. For the former, the number of bulletins issued this month is, at 50, far lower than we’ve become accustomed to in recent months. The latter group, however, has much better news to process this month: Internet Explorer support finally comes to an end.
June Patches: Fifty Bulletins, But Only Five Critical
Of this month’s 50 bulletins, only five were rated by Microsoft as Critical. One of these bulletins covers a vulnerability in Microsoft Defender (CVE-2021-31985). Both this and a second denial-of-service vulnerability in Defender (CVE-2021-31978) were submitted by Google’s Project Zero. Eight of these bulletins were submitted via the Zero Day Initiative. Six of the patched vulnerabilities were described by Microsoft as being currently attacked, with three vulnerabilities already known before today’s patches.
While the patches do cover the usual gamut of Microsoft products, some products/components did have multiple bulletins this month. SharePoint might be the most significant as it was covered by seven bulletins (one Critical, six Important). 3D Viewer, Paint 3D, and the NFS server were all covered by multiple bulletins as well.
Internet Explorer hits the end of the line
Since the introduction of Microsoft Edge several years ago, Microsoft has been attempting to phase out Internet Explorer. However, because of significant usage by enterprises, it could not be phased out immediately – and indeed, has still been serviced with security patches regularly since then.
This all comes to an end this month, however, as Internet Explorer is due to be retired officially on June 15. After this date, Internet Explorer will not even run and users will be redirected to Microsoft Edge instead.
This brings an end to the usage of Internet Explorer, which formerly had a dominant market share of the web browser market. However, it has largely been surpassed by more modern browsers for many years. Both IT and website administrators are sure to breath a sigh of relief at this development.
Trend Micro Solutions
A proactive, multilayered approach to security is key against threats that exploit vulnerabilities — from the gateway, endpoints, networks, and servers.
The Trend Micro™ Deep Security™ solution provides network security, system security, and malware prevention. Combined with Vulnerability Protection, it can protect user systems from a wide range of upcoming threats that might target vulnerabilities. Both solutions protect users from exploits that target these vulnerabilities via the following rule:
- 1010981 - Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2021-31959)
TippingPoint® Next-Generation Intrusion Prevention System (NGIPS) is a network traffic solution that uses comprehensive and contextual awareness analysis for advanced threats that exploit vulnerabilities.
TippingPoint protects customers through the following rule:
- 39854: HTTP: Microsoft Edge JIT Object PropertyId Type Confusion Vulnerability (CVE-2021-31959)