
Microsoft’s monthly ‘Patch Tuesday’ update, which is released on the second Tuesday of each month, was made available yesterday. It addresses a whopping 57 separate security vulnerabilities across 12 security bulletins and spans dozens of Microsoft platforms and products, including Windows Server, various Windows client OSes, and Internet Explorer. Microsoft outlined all of the bulletins in its Security Bulletin for February 2013, rating five of them as critical and seven as important. Due to the size and severity of the issues being patched, many security experts have said that this is one of the largest and most significant Patch Tuesday updates in recent memory.
According to Chester Wisniewski, a Senior Security Advisor at Sophos Canada, the first bulletin, MS13-009 (Cumulative Security Update for Internet Explorer), is the most important. “This patch fixes 13 privately disclosed vulnerabilities in Internet Explorer that could result in remote code execution (RCE),” Wisniewski writes in the Sophos Naked Security blog. “In more simple terms, browsing to a malicious web site could result in malware being installed on your computer. Often the distinction between privately and publicly disclosed vulnerabilities can make a difference as to the urgency of applying the fix. In this case, despite the bugs being privately disclosed, Microsoft is warning that exploitation in the wild is imminent.”
Wolfgang Kandek, CTO of cloud security provider Qualys, thinks that the second most significant bulletin is MS13-010 (Vulnerability in Vector Markup Language Could Allow Remote Code Execution), which concerns a vulnerability discovered in an ActiveX dynamic-link library (DLL). “It is rated critical and quite urgent to fix because the vulnerability is being exploited in the wild,” Kandek writes in the Qualys Laws of Vulnerabilities blog. “The bug is in the VML (Vector Markup Language) DLL, the ActiveX control for the largely unused XML-based standard format for two-dimensional Vector graphics.”
Microsoft has also provided additional guidance in the form of a risk assessment table, which should help system administrators decide which bulletins matter most and which updates to apply.
What are your thoughts on the February 2013 Patch Tuesday release? Drop me an email with your thoughts.