ID: IRCNE2013051844
Date: 2013-05-15
According to "computerworld", just 11 days after issuing an advisory, Microsoft has released a patch for a bug in Internet Explorer 8 that bedeviled the U.S. Department of Labor earlier this month.
This IE8 security bulletin (MS13-038) is one of 10 that Microsoft released Tuesday as part of its "Patch Tuesday" release of bug fixes and security bulletins that the company routinely issues on the second Tuesday of each month.
Microsoft marked MS13-038 as critical and the company, along with other security firms, are advising those still running IE8 to apply the fix immediately. Using an altered Labor Department Web page, attackers used this vulnerability in an attempt to install malicious code on any visitor's machine running IE8. Microsoft issued a temporary fix for this vulnerability last week.
The other critical bulletin, MS13-037, also affects Internet Explorer. This update resolves 11 issues that would have made it easy to inject malicious code into the browser from a specially crafted Web page, allowing the user to take control of a computer.
Those running Windows Server 2012 should take an immediate look at MS MS13-039. This update fixes a vulnerability in the Microsoft Web IIS (Internet Information Services) that could be used in a Denial of Service (DoS) attack, through the use of an HTTP packet. Because it would be relatively simple to craft an attack using this vulnerability, organizations should apply this update as soon as possible, because exploits based on this vulnerability might start appearing in as little as a few weeks, according to Tripwire.
The seven remaining bulletins -- none critical but all deemed important -- address bugs in Microsoft's Lync, Publisher, Word, Visio, Windows Essentials, .Net, and the Windows kernel.
Related Link:
May's Patch Tuesday to fix two critical flaws in Internet Explorer
Microsoft releases emergency patch for critical IE8 zero-day exploit
- 2