ID: IRCNE2013091954
Date: 2013-09-14
According to "zdnet", 47 separate vulnerabilities were patched today by Microsoft in the Patch Tuesday updates.
This month's advance notification indicated that there would be 14 bulletins, but only 13 were released today. They affect Microsoft Outlook, Access, Excel, components of Windows, FrontPage, SharePoint, Active Directory and there is a cumulative update for Internet Explorer.
Perhaps the most alarming of the vulnerabilities is a certificate parsing vulnerability in Microsoft Outlook 2007 and 2010: "A remote code execution vulnerability exists in the way that Microsoft Outlook [2007, 2010] parses specially crafted S/MIME email messages. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
In other words, you could be exploited merely by opening such a message. On the other hand, Microsoft says that exploit code for this vulnerability would be difficult to build. Even so, this sounds like one to patch ASAP.
- 2