ID: IRCNE2013101977
Date: 2013-10-09
According to "zdnet", Microsoft on Tuesday released patches for 28 vulnerabilities in numerous products. The most important ones for most users fix serious vulnerabilities in Internet Explorer, Windows and the .NET Framework.
Here is a breakdown of the bulletins and what they address.
- MS13-80 (Critical): Cumulative Security Update for Internet Explorer (2879017) This is a cumulative update for Internet Explorer which addresses 10 vulnerabilities. (Microsoft had provided a Fix-It as an interim measure.)
- MS13-81 (Critical): Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008) - This update fixes 7 vulnerabilities reported by outside researchers. One could allow complete system compromise when the user views maliciously-constructed OpenType fonts, and another for TrueType fonts. The other 5 are privilege escalation bugs. All versions of Windows other than 8.1, 8.1 RT and Server 2012 R2 are affected.
- MS13-82 (Critical): Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890) — This describes 3 vulnerabilities in most versions of the .NET Framework. The one critical vulnerability is the same OpenType parsing bug in MS13-081.
- MS13-83 (Critical): Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2864058) — A vulnerability in Windows can be exploited through an ASP.NET web application running on it.
- MS13-84 (Important): Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089)
- MS13-85 (Important): Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080)
- MS13-86 (Important): Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084)
- MS13-87 (Important): Vulnerability in Silverlight Could Allow Information Disclosure (2890788)
Related Links:
Microsoft patches coming, including Internet Explorer zero-day 8
- 2