ID: IRCNE2013031784
Date: 2013-03-12
According to "zdnet", Microsoft has released four critical security updates for Windows and Internet Explorer, along with a bevy of other products, in order to protect against at least 19 vulnerabilities identified in its software.
Critical updates are reserved for security flaws that could compromise the security of a device or system data, while important updates are reserved for those that could lead to an increased scope of attack by malware or hackers, such as an elevation of user privileges to allow hackers to access system files under administrative reach.
First and foremost, Microsoft has fixed a nine vulnerabilities in MS13-021 — eight privately disclosed flaws and one that was disclosed publicly — in which the web browser was at risk of being attacked by a flaw being actively exploited in the wild for around one month.
The most severe Internet Explorer flaw affected all versions of Windows XP (Service Pack 3) and above, including Vista, Windows 7, and Windows 8 — including tablets running Windows RT — running Internet Explorer 6 and above. The flaw could have allowed a hacker to access the vulnerable system with the same user rights.
Other critical vulnerabilities include MS13-022, which patches three flaws in Silverlight that could allow a hacker to gain access and take over a Windows-based or OS X-based machine.
Meanwhile, MS13-023 affects Office, specifically Visio, that could allow remote code execution if a malware-ridden Visio file was opened on a vulnerable machine. MS13-024 affects Windows Server-based systems running SharePoint, in which an attacker could plant malicious code in a search query, commonly known as an XSS vulnerability. This would have given hackers full administrator rights over the affected system.
The other vulnerabilities rated as "important" could allow data and information disclosure, or an elevation of privileges on affected machines. These affect SharePoint, OneNote, Outlook for Mac, and kernel-mode drivers in Windows-based machines.
Today's Patch Tuesday updates are available on the usual channels, such as Windows and Microsoft Update, or through Windows Server Update Services.
The next round of monthly updates will arrive on April 9.
Related Link:
Patch Tuesday: Microsoft to fix four critical flaws, all versions of IE at risk again