Redmond has ordered Windows 7 users to apply an April update so they can receive June’s patches for its Internet Exploder 11.
Writing in its security bog, Vole said that in order to receive June’s critical update (MS14-035) and all future IE 11 patches, users would need to speed up testing of April fix MS14-18, which addressed handling of objects in memory, KB2919355, or KB2929437.
Effectively Microsoft has stopped serving security updates to Internet Explorer 11 (IE11) on consumer and small business Windows 7 PCs unless the customer has successfully applied an April update for the browser.
The latest fix, released June 10, addressed 59 security vulnerabilities in Internet Explorer, the most severe of which could allow remote code execution when users pointed their browsers to specially crafted web sites.
“These vulnerabilities by themselves do not allow arbitrary code to be run. However, these vulnerabilities could be used in conjunction with another vulnerability (e.g., a remote code execution vulnerability) that could take advantage of the elevated privileges when running arbitrary code,” Microsoft said in a MS14-035 note.
“In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit these vulnerabilities.
“For example, an attacker could trick users into clicking a link that takes them to the attacker’s site.”
Users running IE 11 would miss out on browser fixes without update 2919355 for Windows 8.1 or Windows Server 2012 R2, or update 2929437 for Windows 7 Service Pack 1 or Windows Server 2008 R2 Service Pack 1.
Microsoft has broadcast similar requirements for consumers and enterprises related to Windows 8.1. Any Windows 8.1 PC retrieving patches from Windows Update must have had Windows 8.1 Update installed to get June’s security patches; businesses have until August 12 to do the same.