Today is the fourth Patch Tuesday of 2013 and Microsoft has delivered a small yet important batch of updates, including some for all supported versions of Internet Explorer.
Two of the patches are ranked critical, the other seven as important. The IE fix is for all supported version of Windows, from XP onwards, and for all versions of Internet Explorer from 6 upwards, including 10 for Windows 8 and RT.
Wolfgang Kandek, CTO of security firm Qualys, said the IE fix “should be on the top of your patching efforts”.
“It is rated ‘critical’ and allows Remote Code Execution through today’s most common attack vector: one of your users browsing to a malicious website,” Kandek said.
It’s currently unclear whether Microsoft is patching an Internet Explorer flaw discovered by exploit seller VUPEN in the PWN2OWN hacking contest.
One of the important updates is for Windows Defender, Microsoft’s malware scanner, whilst the others are for Windows and the Sharepoint server.
“The vulnerabilities addressed in these bulletins typically allow the attacker Escalation of Privilege from a normal user to an admin level user once they are already on the machine or can trick the user to open a specifically-crafted file.”
IT teams should be busy patching this month. On 16 April, Oracle will release an out-of-band update for Java, following a string of recent vulnerability finds.
What do you know about Internet security? Find out with our quiz!
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…