Number: IRCNE2013021750
Date: 2013/02/08
According to “zdnet”, Microsoft will release 12 patches for 57 vulnerabilities next week for Windows, Internet Explorer, and Office.
A spattering of enterprise products, including Microsoft Office and Windows Server, and developer tools, such as .NET Framework, will also be patched.
Five of the updates are labeled "critical," in which malicious code can be remotely executed on users' machines. Another vulnerability that allows remote code execution is labeled "important."
The company's pre-release bulletin warns of two major vulnerabilities for Internet Explorer, which will patch a flaw allowing hackers to run remotely executed code on vulnerable machines. All versions from IE6 to IE10 are affected, including Windows RT-based Surface tablets, which will also need to be updated.
With this in mind, users are advised to switch to another browser for the next few days until the updates are released.
Another critical update will address a flaw in Windows XP, Windows Vista, and Windows Server 2003—but does not affect later versions of the operating system, such as Windows 7 or Windows 8.
The fourth critical vulnerability patches Microsoft's email server, Exchange, while the fifth critical vulnerability affects only Windows XP-based machines.
In other "important" updates, Microsoft will also patch SharePoint which could be subject to code injection attacks.
Microsoft doesn't release the full details of the vulnerabilities until patches are made available.
- 2