Patch Tuesday: Microsoft Fixes Vulnerabilities in Windows, Office, Internet Explorer, and Server Tools

While not as massive as the monster Patch Tuesday release for February 2013, Microsoft’s Patch Tuesday updates for March 2013 were still noteworthy. The updates include four critical and three important bulletins, which address close to two dozen vulnerabilities in a host of Microsoft products. Microsoft details all of the updates in its Security Bulletin for March 2013, which indicates that the vulnerabilities impact Microsoft Windows, Server Tools, Internet Explorer, Microsoft Office, and Silverlight.

In a post on the Microsoft Security Response Center blog, Dustin Childs, Microsoft Group Manager, Response Communications in the Microsoft Trustworthy Computing group, urged system administrators to focus on three of the updates. “For those who need to prioritize deployment, we recommend focusing on MS13-021, MS13-022 and MS13-027 first.”

I also spoke with Wolfgang Kandek, the CTO of cloud security vendor Qualys, to get more detail on the highest priority of this month’s security updates. Kandek said that the most critical update was MS13-021 – Cumulative Security Update for Internet Explorer (2809289). “There are 9 vulnerabilities addressed in that update, which deals with a vulnerability for Internet Explorer 8,” Kandek said. “An exploit for this vulnerability is already out and available…and will be integrated into the tools that attackers can use to build attacks from.”

Kandek also provided further details of why MS13-022 – Vulnerability in Silverlight Could Allow Remote Code Execution (2814124) and MS13-027 – Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986) were important updates. “MS13-022 updates Silverlight…this could impact you if you’re using applications based on Silverlight, like the Netflix [streaming video player] for Mac and Windows,” Kandek said. “We haven’t seen a lot of attacks against Silverlight, but it’s something to address.”

The next bulletin admins need to be concerned about is MS13-027. “This update fixes a vulnerability that allows attacks against the Windows kernel through a USB port,” Kandek said. “This would allow someone to launch an attack by using a USB drive, and potentially give that person control of that machine [from the kernel level].”

What are your thoughts on the March 2013 Patch Tuesday release? Drop me an email with your thoughts.
