This month’s Patch Tuesday is a fairly sizeable one, with 13 bulletins covering 47 vulnerabilities.
Microsoft pulled a vulnerability related to a .Net issue, but a host of flaws remained in yesterday’s release, covering Windows, Office, Internet Explorer and SharePoint.
Four of the Patch Tuesday bulletins were ranked as critical, nine as important. Microsoft has singled out three flaws it believes should take priority.
The first is one that resides in Outlook and could be exploited to let a hacker execute code remotely
“This privately reported issue could allow remote code execution if an email carrying a specially crafted S/MIME certificate is viewed or previewed on an affected system,” Microsoft said in a blog post.
“Creating S/MIME certificates is trivial, but creating the specific one in the precise manner needed to execute code will be difficult. Still, the possibility is there and that is why we listed this update as our highest priority for this month.”
The MS13-069 bulletin is also key, fixing 10 issues in all supported versions of Internet Explorer, which could be exploited if a user is directed to a specially-crafted malicious website.
There are 10 issues in SharePoint Servers too, allowing for remote code execution. To exploit them, an attacker could send specially-crafted content to an affected server, which would fail to properly validate the input and potentially let the hacker execute code on the server.
“The top three criticals should take priority this month but don’t forget about the balance of importants. It’s possible that a string of importants could be chained together and, with an escalation of privilege, you would have a big problem,” warned Paul Henry, security and forensics analyst at Lumension.
“Total Microsoft patches to-date for 2013 now sit at 79. This is well ahead of the 63 patches released through September, 2012.”
How much do you know about information security? Try our quiz and find out!
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…
TikTok's 'secret source' algorithm is so core to ByteDance, it would rather shut down US…
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…