The company repairs several security flaws in its in-house browser

May 15, 2013 12:24 GMT

This month’s Patch Tuesday updates are intended to fix several critical vulnerabilities found in Internet Explorer, as all versions of the browser have been exposed to attacks.

Bulletin MS13-037 is rated “critical” and is meant to fix 11 different privately reported security flaws in Internet Explorer 6 to 9 on both Windows clients and servers.

“The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,” Microsoft explained in an advisory.

The MS13-038 security bulletin, on the other hand, was specifically designed to address the zero-day flaw that allowed attackers to launch a number of attacks using compromised websites, some of which have been accessed by US nuclear weapon researchers.

This time, the vulnerability affects only Internet Explorer 8, on all Windows versions except Windows 8; no other builds of the browser are affected.

“The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,” the company continued.

Just like all the other updates released today, these Internet Explorer fixes have been distributed to Windows computers through the integrated Windows Update, so users need only install the downloaded patches.

Separately, Internet Explorer 10 on all versions of Windows 8 and Windows Server 2012 has received an update of Adobe Flash Player that addresses multiple vulnerabilities reported in the browser plugin.