In the latest “Patch Tuesday” update for Windows, Microsoft fixed 53 security bugs, of which 17 critical, spanning 15 products. More than half of the critical security bugs affected Internet Explorer, which even though users may not see in Windows 10 anymore, still exists as a legacy fallback for the Edge browser.
Multiple Microsoft Products Affected
Microsoft issued patches for 53 security bugs in the latest update, with most of the bugs found in Microsoft’s own products, such as:
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- Adobe Flash Player
- .NET Framework
- Skype for Business and Microsoft Lync
- Visual Studio
- Microsoft Wireless Display Adapter V2 Software
- PowerShell Editor Services
- PowerShell Extension for Visual Studio Code
- Web Customizations for Active Directory Federation Services
Internet Explorer Security Curse
Ten of the 17 critical bugs affected Microsoft’s Internet Explorer, which the Edge browser still uses whenever a website is compatible only with Internet Explorer technology and not with Edge.
This is why Internet Explorer has continued being a security headache for Microsoft years after Edge was introduced. Internet Explorer support is also the primary reason why Microsoft tends to lose the annual Pwn2Own browser hacking competitions and why Edge is not considered as secure as Chrome.
Attackers will likely continue to exploit Internet Explorer until Windows 7 and Windows 8.1 are out of the picture. Edge came as default only for Windows 10, so even if Microsoft drops support for Internet Explorer in Windows 10, the company will still have to support it for as long as it continues to support the Windows 7 and 8.1 operating systems. The Internet Explorer security curse will haunt Microsoft for many more years.
Despite Internet Explorer being the “star” of this month’s Patch Tuesday, the Edge browser wasn’t exactly bug-proof either, as Microsoft had to fix five vulnerabilities in it, too, most of them information disclosure bugs.
In this latest Patch Tuesday Microsoft also issued patches for some of Adobe’s products, including Flash Player, so you may not want to skip this update. Windows 10 users should be getting these patches automatically, but Windows 7 a 8.1users may have to download them manually from Microsoft’s Update Catalog (which still only works with Microsoft’s own browsers).
The only way that Microsoft would 'celebrate' would be if they totally got rid of web browsers period.