Internet Explorer Bugs Still Haunt Microsoft

In the latest “Patch Tuesday” update for Windows, Microsoft fixed 53 security bugs, of which 17 critical, spanning 15 products. More than half of the critical security bugs affected Internet Explorer, which even though users may not see in Windows 10 anymore, still exists as a legacy fallback for the Edge browser.

Multiple Microsoft Products Affected

Microsoft issued patches for 53 security bugs in the latest update, with most of the bugs found in Microsoft’s own products, such as:

  1. Internet Explorer
  2. Microsoft Edge
  3. Microsoft Windows
  4. Microsoft Office and Microsoft Office Services and Web Apps
  5. ChakraCore
  6. Adobe Flash Player
  7. .NET Framework
  8. ASP.NET
  9. Microsoft Research JavaScript Cryptography Library
  10. Skype for Business and Microsoft Lync
  11. Visual Studio
  12. Microsoft Wireless Display Adapter V2 Software
  13. PowerShell Editor Services
  14. PowerShell Extension for Visual Studio Code
  15. Web Customizations for Active Directory Federation Services

Internet Explorer Security Curse

Ten of the 17 critical bugs affected Microsoft’s Internet Explorer, which the Edge browser still uses whenever a website is compatible only with Internet Explorer technology and not with Edge.

This is why Internet Explorer has continued being a security headache for Microsoft years after Edge was introduced. Internet Explorer support is also the primary reason why Microsoft tends to lose the annual Pwn2Own browser hacking competitions and why Edge is not considered as secure as Chrome.

Attackers will likely continue to exploit Internet Explorer until Windows 7 and Windows 8.1 are out of the picture. Edge came as default only for Windows 10, so even if Microsoft drops support for Internet Explorer in Windows 10, the company will still have to support it for as long as it continues to support the Windows 7 and 8.1 operating systems. The Internet Explorer security curse will haunt Microsoft for many more years.

Despite Internet Explorer being the “star” of this month’s Patch Tuesday, the Edge browser wasn’t exactly bug-proof either, as Microsoft had to fix five vulnerabilities in it, too, most of them information disclosure bugs.

In this latest Patch Tuesday Microsoft also issued patches for some of Adobe’s products, including Flash Player, so you may not want to skip this update. Windows 10 users should be getting these patches automatically, but Windows 7 a 8.1users may have to download them manually from Microsoft’s Update Catalog (which still only works with Microsoft’s own browsers).

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • dextermat
  • Ilya__
    MS will celebrate for weeks the day they retire IE completely.
  • Christopher1
    ILYA__, that will never happen and Edge has its own plethora of vuln's.
    The only way that Microsoft would 'celebrate' would be if they totally got rid of web browsers period.