The eight security bulletins released by Microsoft address 23 vulnerabilities in Windows, Internet Explorer and Exchange. The most important patches, as per Microsoft’s recommendation, are MS13-059 (Internet Explorer) and MS13-060 (Windows XP and Server 2003). After applying those first-priority patches, you should patch all other Microsoft software that you are using to make sure you have top-notch security.

23 vulnerabilities found in Patch Tuesday

Security bulletin MS13-059 is an important security update for Internet Explorer that covers 11 privately disclosed vulnerabilities. We don’t know if these have been widely used or if they have been heavily exploited by hackers.

Security bulletin MS13-060 patches a vulnerability found in Microsoft Exchange Server’s Unicode Script Processor, letting hackers use font rendering as an attack vector. Qualys CTO Wolfgang Kandek explained: The fonts are drawn on the kernel level, so if you can somehow influence the drawing of the fonts and overflow it. This would give an attacker control over the victim’s computer.

Amol Sarwate, Director of Qualys Vulnerability Labs:

Besides the above, here are some other highlights and “goodies” from this month’s Patch Tuesday, along with descriptions of the rest of the security bulletins:

MS13-061 – vulnerability in Oracle libraries “Outside In”
MS13-062 – vulnerability affecting the RPC handling code in all Windows versions
MS13-063 – bypass of ASLR (Address Space Layout Randomization) and 3 kernel corruption vulnerabilities to allow elevation of privilege
MS13-064 – single denial of service vulnerability in the Windows Server 2012 NAT Driver
MS13-065 – single denial of service vulnerability in the IPv6 stack in all versions of Windows except XP and Server 2003
MS13-066 – information disclosure vulnerability in the Active Directory Federation Services (AD FS) in all Intel-based versions of Windows Server other than Server Core

Besides this, Microsoft has also updated Windows 8 and RT ‘to improve protection functionality in Windows Defender’.
