14 DAY TRIAL // Microsoft rolled out a massive security update on Patch Tuesday to resolve privately disclosed vulnerabilities in Internet Explorer, but even though the company first said that no successful attacks have been reported, it seems that cybercriminals are actually trying to exploit some flaws.
Microsoft’s security bulletin MS13-055 was flagged as critical and included a cumulative security update for Internet Explorer, starting with version 6 and ending with build 10.
All Windows versions still supported by Microsoft have been included in the release, so Windows XP Service Pack, Windows Vista, Windows 7, and Windows 8 users received new patches yesterday.
“The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer,” Microsoft explained in a security advisory.
“An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
The software maker has updated the bulletin a few hours after the public release to state that some attacks aimed at Internet Explorer 8 users have indeed been reported, so everybody should apply the patches as soon as possible.
“Bulletin revised to announce that Microsoft is aware of targeted attacks attempting to exploit the vulnerability described in CVE-2013-3163 through Internet Explorer 8. Applying this security update protects customers from exploitation of this vulnerability,” the company explained.
Microsoft claims that no attacks have been received for the other IE versions included in the bulletin.
As usual, all patches are being delivered through the integrated Windows Update feature, so you have nothing else to do than to allow your computer to download and deploy the available fixes.
More information on the Internet Explorer patches released yesterday can be found here.