Security

Patch Tuesday: Microsoft Fixes Vulnerabilities in Windows, Office, Internet Explorer, and Server Tools

While not as massive as the monster patch tuesday release for February 2013, Microsoft’s patch tuesday updates for March 2013 were still noteworthy. The update include four critical and three important bulletins, which address close to two dozen vulnerabilities in a host of Microsoft products. Microsoft details all of the updates in their Security Bulletin for March 2013, which indicates that the vulnerabilities impact Microsoft Windows, Server Tools, Internet Explorer, Microsoft Office, and Silverlight.

In a post on the Microsoft Security Response Center blog, Dustin Childs, Microsoft Group Manager, Response Communications in the Microsoft Trustworthy Computing group, urged system administrators to focus on three of the updates. “For those who need to prioritize deployment, we recommend focusing on MS13-021, MS13-022 and MS13-027 first.”

I also spoke with Wolfgang Kandek, the CTO of cloud security vendor Qualys, to get more detail on the highest priority of this month’s security updates. Kandek said that the most critical update was MS13-021 – Cumulative Security Update for Internet Explorer (2809289). “There are 9 vulnerabilities addressed in that update, which deals with a vulnerability for Internet Explorer 8,” Kandek said. “An exploit for this vulnerability is already out and available…and will be integrated into the tools that attackers can use to build attacks from.”

Kandek also provided further details of why MS13-022 – Vulnerability in Silverlight Could Allow Remote Code Execution (2814124) and MS13-027 – Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986) were important updates. “MS13-022 updates Silverlight…this could impact you if you’re using applications based on Silverlight, like the Netflix [streaming video player] for Mac and Windows,” Kandek said. “We haven’t seen a lot of attacks against Silverlight, but it’s something to address.”

Sponsored Content

Read the Best Personal and Business Tech without Ads

Staying updated on what is happening in the technology sector is important to your career and your personal life but ads can make reading news, distracting. With Thurrott Premium, you can enjoy the best coverage in tech without the annoying ads.

The next bulletin admins need to be concerned about is MS13-027. “This updates fixes a vulnerability that allows attacks against the windows kernel through a USB port,” Kandek said. “This would allow someone to launch attack by using a USB drive, and potentially give that person control of that machine [from the kernel level].”

What are your thoughts on the March 2013 patch tuesday release? Drop me an email with your thoughts.

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

Download this eBook!

External Sharing and Guest User Access in Microsoft 365 and Teams

his eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure. The eBook will also outline some of the major decision points across four general-purpose guest access policy scenarios for how an organization can set this up with standard licensing.

Download Now

Sponsored By