ID: IRCNE2013071900
Date: 2013-07-13
According to "techworld", this month's Patch Tuesday consists of seven bulletins, six of them critical, that, if exploited, can give attackers power to execute code on victim machines and control them remotely.
One patch fixes a Windows font-parsing problem in which maliciously crafted files are mishandled, allowing remote code execution, says Wolfgang Kandek, CTO of Qualys. The most likely way of being attacked is by browsing a malicious Web page or opening an infected document, he says.
The same problem crops up in Silverlight and Lync and is addressed by separate patches.
Four of the bulletins address vulnerabilities found in most versions of Windows including Windows 8 and its ARM-based variant Windows RT, as well as the latest version of Windows Server.
The most dangerous is a vulnerability found by Tavis Ormandy, a Google researcher, who revealed it in March without giving Microsoft much chance to fix it first. The same patch addresses a separate vulnerability that is not under active attack.
This month's bulletins include one to fix 17 flaws in Internet Explorer, something that has become a standard issue over the past few months. The best advice: upgrade to the latest version of the browser, "that's typically the most secure version," Henry says.
Related Links:
Internet Explorer pegged for critical fix on Tuesday