Microsoft to patch 34 flaws
Microsoft is to patch 34 flaws in its products this month, including one that would let attackers access personal data via Internet Explorer.
Microsoft will release the ten patches next week, as part of its monthly Patch Tuesday update cycle.
There are three critical patches, including one affecting a bug in older versions of Internet Explorer that was first reported in February. The flaw could allow a hacker to access a user’s data.
“Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location,” Microsoft noted in a security bulletin.
Protected Mode runs by default in IE on Windows 7 and Vista, but not in XP.
The other two critical patches fix flaws that would allow remote code execution in various versions of Windows. The remaining seven patches are all rated important by Microsoft, including another four in Windows and two in Office.