Microsoft Fixes 41 Internet Explorer Flaws Including Exploited RCE Bug
Microsoft released security update 3034682 to address 41 vulnerabilities in Internet Explorer 6 through 11, including multiple flaws that could allow remote code execution if a user visited a specially crafted webpage. The most severe issues could let an attacker run code with the same privileges as the current user, making the risk highest on systems where users have administrative rights. Microsoft rated the bulletin Critical for affected Windows client systems and Moderate for affected Windows server systems.
The bulletin said one flaw, CVE-2015-0071, had been exploited in the wild, while CVE-2014-8967 had been publicly disclosed before the patch was issued. Microsoft said the update corrects memory corruption and permission-validation issues, improves ASLR behavior, and strengthens cross-domain policy enforcement. It also noted that systems running Internet Explorer 9, 10, and 11 require updates 3021952 and 3034196 for full protection, with 3023607 and, on some platforms, 3036197 also potentially installed automatically.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
16 events from the most recent confirmed update back to the earliest known activity.
Microsoft publishes Security Bulletin MS15-019
Microsoft published Security Bulletin MS15-019, a separate critical security bulletin from the MS14-056, MS14-065, MS15-009, MS15-018, and MS15-032 entries already in the timeline. This represents a distinct Microsoft vulnerability disclosure and patch release event.
Microsoft publishes Security Bulletin MS15-018
Microsoft published Security Bulletin MS15-018, a separate critical security bulletin from the MS14-056, MS14-065, MS15-009, and MS15-032 entries already in the timeline. This represents a distinct Microsoft vulnerability disclosure and patch release event.
Microsoft publishes Security Bulletin MS14-056
Microsoft published Security Bulletin MS14-056, a separate critical security bulletin from the MS14-065, MS15-009, and MS15-032 entries already in the timeline. This represents a distinct Microsoft vulnerability disclosure and patch release event.
Microsoft publishes Security Bulletin MS14-052
Microsoft published Security Bulletin MS14-052, a separate critical security bulletin from the MS14-056, MS14-065, MS15-009, MS15-018, MS15-019, and MS15-032 entries already in the timeline. This represents a distinct Microsoft vulnerability disclosure and patch release event.
Microsoft publishes Security Bulletin MS14-051
Microsoft published Security Bulletin MS14-051, a distinct critical security bulletin not already represented in the existing timeline. This constitutes a separate Microsoft vulnerability disclosure and patch release event.
Microsoft publishes Security Bulletin MS14-037
Microsoft published Security Bulletin MS14-037, a distinct critical security bulletin not already represented in the existing timeline. This constitutes a separate Microsoft vulnerability disclosure and patch release event.
Microsoft publishes Security Bulletin MS14-035
Microsoft published Security Bulletin MS14-035, a distinct critical security bulletin not already represented in the existing timeline. This constitutes a separate Microsoft vulnerability disclosure and patch release event.
Microsoft publishes Security Bulletin MS14-029
Microsoft published Security Bulletin MS14-029 as a distinct critical security bulletin. This constitutes a separate Microsoft vulnerability disclosure and patch release event not already represented in the timeline.
Microsoft publishes Security Bulletin MS14-021
Microsoft published Security Bulletin MS14-021 as a distinct critical security bulletin. This constitutes a separate Microsoft vulnerability disclosure and patch release event not already represented in the timeline.
Microsoft publishes Security Bulletin MS14-018
Microsoft published Security Bulletin MS14-018 as a distinct critical security bulletin. This constitutes a separate Microsoft vulnerability disclosure and patch release event not already represented in the timeline.
Microsoft publishes Security Bulletin MS14-010
Microsoft published Security Bulletin MS14-010, a distinct critical security bulletin not already represented in the existing timeline. This constitutes a separate Microsoft vulnerability disclosure and patch release event.
Microsoft publishes Security Bulletin MS14-012
Microsoft published Security Bulletin MS14-012 as part of its March 2014 security releases. The bulletin is listed as Critical for many client platforms and Moderate for many server platforms, affecting multiple supported Windows versions.
Microsoft publishes Security Bulletin MS15-032
Microsoft published Security Bulletin MS15-032, a separate critical security bulletin from MS15-009. This represents a distinct Microsoft vulnerability disclosure and patch release event.
Microsoft revises MS15-009 to clarify related update installation
On March 4, 2015, Microsoft revised bulletin MS15-009 to clarify installation details for related updates required for full protection on Internet Explorer 9, 10, and 11. The revision noted dependencies involving updates 3021952 and 3034196, with additional updates 3023607 and in some cases 3036197 potentially installed automatically.
Microsoft releases IE security update 3034682 in MS15-009
On February 10, 2015, Microsoft published Security Bulletin MS15-009 and released security update 3034682 for Internet Explorer. The update addressed 41 vulnerabilities in Internet Explorer 6 through 11, including a publicly disclosed flaw and an exploited vulnerability, with the most severe issues allowing remote code execution via a specially crafted webpage.
Microsoft publishes Security Bulletin MS14-065
Microsoft published Security Bulletin MS14-065, a separate critical security bulletin from the MS15-009 and MS15-032 entries already in the timeline. This represents a distinct Microsoft vulnerability disclosure and patch release event.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
18 references tracked. Mallory keeps watching after this page renders.
Microsoft Security Bulletin MS14-065 - Critical | Microsoft Learn
go.microsoft.com
Open sourceMicrosoft Security Bulletin MS14-051 - Critical | Microsoft Learn
go.microsoft.com
Open sourceMicrosoft Security Bulletin MS14-035 - Critical | Microsoft Learn
go.microsoft.com
Open sourceMicrosoft Security Bulletin MS14-010 - Critical | Microsoft Learn
go.microsoft.com
Open sourceMicrosoft Security Bulletin MS14-052 - Critical | Microsoft Learn
go.microsoft.com
Open sourceMicrosoft Security Bulletin MS14-037 - Critical | Microsoft Learn
go.microsoft.com
Open sourceMicrosoft Security Bulletin MS14-012 - Critical | Microsoft Learn
go.microsoft.com
Open sourceMicrosoft Security Bulletin Summary for March 2014 | Microsoft Learn
technet.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft Patches Windows Internet Shortcut RCE Exploited via Malicious URL Files
Microsoft disclosed **CVE-2025-33053**, an **Important** remote code execution flaw in **Internet Shortcut Files** that affects all supported versions of Windows and carries a **CVSS 8.8** rating. The vulnerability is tied to **CWE-73** (external control of file name or path) and can let an unauthenticated attacker execute code over a network if a user clicks a specially crafted URL. Microsoft said the bug had been **exploited in the wild**, that **functional exploit code** was available, and that security updates had been released. The advisory said the issue has implications beyond legacy browser use because underlying **MSHTML**, **EdgeHTML**, and scripting components remain supported on some platforms and are still used by **Internet Explorer mode**, the **WebBrowser control**, **WebView**, and some **UWP** applications. Microsoft also noted that **IE cumulative updates** still matter for certain older Windows Server systems, and later revised the advisory to correct the CVE title and description without changing the technical impact. Related Microsoft advisories show the flaw joins a broader pattern of remote code execution risks across Windows and server products, including **MSHTML**, **Hyper-V**, **Exchange Server**, and **SharePoint Server**.
May 25, 2026
Microsoft Patches 117 Flaws Including Exploited MMC and MSHTML Zero-Days
Microsoft released fixes for **117 vulnerabilities** across 15 product families, including **3 Critical**, **110 Important**, **3 Moderate**, and **1 Low** severity issues. Two flaws were already being exploited in the wild: `CVE-2024-43572` in **Microsoft Management Console** and `CVE-2024-43573` in the **Windows MSHTML Platform**. Microsoft also flagged eight additional vulnerabilities as more likely to be exploited within 30 days, while Windows accounted for the vast majority of the exposure with **93 CVEs** spanning remote code execution, elevation of privilege, and denial-of-service bugs. The most severe issues included `CVE-2024-43468`, a **Critical Microsoft Configuration Manager remote code execution** flaw with a **CVSS 9.8** score that requires an in-console update and additional hardening, and `CVE-2024-38124`, a **Windows Netlogon elevation of privilege** vulnerability with mitigation guidance. The release also addressed 15 Windows Mobile Broadband Driver flaws that generally require physical access or proximity, Windows 11 24H2-specific bugs such as `CVE-2024-43527` and `CVE-2024-43571`, and advisory items affecting Edge and curl-related components; Sophos said protections were available for `CVE-2024-43502`, `CVE-2024-43572`, and `CVE-2024-43573`.
Jan 1, 2026
Microsoft Patches 163 Flaws Including Exploited SharePoint Bug
Microsoft released fixes for **163 CVEs** across 17 product families, including **8 Critical** vulnerabilities, **1 publicly disclosed** flaw, and **1 vulnerability under active exploitation**. The exploited issue, `CVE-2026-32201`, is a **Microsoft SharePoint Server spoofing vulnerability** that can let an unauthenticated attacker impersonate a user and read or modify certain data. Microsoft also patched `CVE-2026-33825`, a **publicly disclosed Microsoft Defender elevation-of-privilege flaw** that affects systems only when Defender is enabled; the company said customers using Defender automatic updates are remediated automatically. Among the most severe issues, Microsoft highlighted `CVE-2026-33824`, a **Critical Windows Internet Key Exchange (IKE) Service Extensions remote code execution vulnerability** with a **CVSS 9.8**, and advised defenders to restrict **UDP ports 500 and 4500** until patching is complete. Elevation-of-privilege bugs made up the largest share of the release with **94 CVEs**, while **Windows** accounted for **131** of the patched vulnerabilities. Microsoft said **24 flaws** were more likely to be exploited within 30 days, **18** carried CVSS scores of **8.0 or higher**, and the release also included **80 Edge-related advisories**, most inherited from Chrome.
May 25, 2026