Patch Tuesday Lands With Critical Internet Explorer Fix

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

All supported versions of IE affected as IT pros urged to take action

Today is the fourth Patch Tuesday of 2013 and Microsoft has delivered a small yet important batch of updates, including some for all supported versions of Internet Explorer.

Two of the patches are ranked critical, the other seven as important. The IE fix is for all supported version of Windows, from XP onwards, and for all versions of Internet Explorer from 6 upwards, including 10 for Windows 8 and RT.

microsoft-patch-lInternet Explorer patch

Wolfgang Kandek, CTO of security firm Qualys, said the IE fix “should be on the top of your patching efforts”.

“It is rated ‘critical’ and allows Remote Code Execution through today’s most common attack vector: one of your users browsing to a malicious website,” Kandek said.

It’s currently unclear whether Microsoft is patching an Internet Explorer flaw discovered by exploit seller VUPEN in the PWN2OWN hacking contest.

One of the important updates is for Windows Defender, Microsoft’s malware scanner, whilst the others are for Windows and the Sharepoint server.

“The vulnerabilities addressed in these bulletins typically allow the attacker Escalation of Privilege from a normal user to an admin level user once they are already on the machine or can trick the user to open a specifically-crafted file.”

IT teams should be busy patching this month. On 16 April, Oracle will release an out-of-band update for Java, following a string of recent vulnerability finds.

What do you know about Internet security? Find out with our quiz!

Read also :