
close
close
While not as massive as the monster patch tuesday release for February 2013, Microsoft’s patch tuesday updates for March 2013 were still noteworthy. The update include four critical and three important bulletins, which address close to two dozen vulnerabilities in a host of Microsoft products. Microsoft details all of the updates in their Security Bulletin for March 2013, which indicates that the vulnerabilities impact Microsoft Windows, Server Tools, Internet Explorer, Microsoft Office, and Silverlight.
In a post on the Microsoft Security Response Center blog, Dustin Childs, Microsoft Group Manager, Response Communications in the Microsoft Trustworthy Computing group, urged system administrators to focus on three of the updates. “For those who need to prioritize deployment, we recommend focusing on MS13-021, MS13-022 and MS13-027 first.”
advertisment
I also spoke with Wolfgang Kandek, the CTO of cloud security vendor Qualys, to get more detail on the highest priority of this month’s security updates. Kandek said that the most critical update was MS13-021 – Cumulative Security Update for Internet Explorer (2809289). “There are 9 vulnerabilities addressed in that update, which deals with a vulnerability for Internet Explorer 8,” Kandek said. “An exploit for this vulnerability is already out and available…and will be integrated into the tools that attackers can use to build attacks from.”
Kandek also provided further details of why MS13-022 – Vulnerability in Silverlight Could Allow Remote Code Execution (2814124) and MS13-027 – Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986) were important updates. “MS13-022 updates Silverlight…this could impact you if you’re using applications based on Silverlight, like the Netflix [streaming video player] for Mac and Windows,” Kandek said. “We haven’t seen a lot of attacks against Silverlight, but it’s something to address.”
The next bulletin admins need to be concerned about is MS13-027. “This updates fixes a vulnerability that allows attacks against the windows kernel through a USB port,” Kandek said. “This would allow someone to launch attack by using a USB drive, and potentially give that person control of that machine [from the kernel level].”
What are your thoughts on the March 2013 patch tuesday release? Drop me an email with your thoughts.
advertisment
More from Jeff James
advertisment
Petri Newsletters
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.
advertisment
More in Security
Build 2022: Microsoft Boosts Data Analytics and Cybersecurity in New Training & Certifications
May 24, 2022 | Rabia Noureen
Microsoft Defender for Office 365 to Get Preset Security Policy Improvements In June
May 23, 2022 | Rabia Noureen
CISA Warns Federal Agencies to Mitigate Critical VMware Vulnerabilities by May 23
May 20, 2022 | Rabia Noureen
CISA Warns Windows Admins Against Applying May Patch Tuesday Updates on Domain Controllers
May 17, 2022 | Rabia Noureen
Most popular on petri
Log in to save content to your profile.
Article saved!
Access saved content from your profile page. View Saved
Join The Conversation
Create a free account today to participate in forum conversations, comment on posts and more.
Copyright ©2019 BWW Media Group