Microsoft has released its newest round of security updates, and the patches included this time affect a wide range of products, including vulnerabilities in its Internet Information Services (IIS). According to its website, this round includes 14 total new bulletins, with 4 of the 40 addressing fixes rated at a "critical" level of severity and the majority being listed as merely "important."
ComputerWeekly has reported that the company is "holding back" two security bulletins from the original list, although it also noted that, as one security specialist said, it is "not uncommon" for some patches to be retracted before the launch.
Some of the updates concern Microsoft users' abilities to work remotely. On the list of bulletins, Microsoft describes the effects of MS14-076, a patch that affects IIS and is rated "important" for six different types of operating systems.
"This security update resolves a privately reported vulnerability in Microsoft Internet Information Services (IIS) that could lead to a bypass of the "IP and domain restrictions" security feature," it reads. "Successful exploitation of this vulnerability could result in clients from restricted or blocked domains having access to restricted web resources." The affected software includes Windows 8 and *.1 as well as Windows Server 2012. MS14-074 also affects remote access, as it specifically concerns a possible security feature bypass.
In addition to fixing these vulnerabilities and applying all future relevant patches, enterprises should make sure they are using a web based terminal emulator that is secure on its own and compatible with the preferred version of Windows. A secure mainframe access solution means that your company will stay protected and exert more control over its active applications.