Microsoft has recently released the February 2013 Patch Tuesday updates, trying to fix a total of 57 security vulnerabilities with 12 different bulletins.The updates are aimed at a wide variety of Microsoft products, including Windows, Internet Explorer, Office, Exchange Server, and the .NET Framework.
Of course, the most important patches are the ones labeled as “critical,” one of which is developed to fix 13 Internet Explorer vulnerabilities.
A hole in Microsoft’s in-house browser would allow an attacker to execute malicious code on a vulnerable system once the user loads a compromised website on an unpatched system. Microsoft claims that no such attacks have been reported so far.
“For those who need to prioritize deployment, we recommend focusing on MS13-009, MS13-010 and MS13-020 first,” Dustin Childs, group manager of Response Communications for Microsoft Trustworthy Computing, said in a statement.
MS13-009 is aimed at Internet Explorer, while MS13-010 is trying to fix a flaw in the Vector Markup Language. MS13-020 is designed for Microsoft’s Windows operating system.
“The vulnerability could allow remote code execution if a user viewed a specially crafted webpage using Internet Explorer. This issue was privately reported and we have not detected any attacks or customer impact,” Childs said about MS13-010 in a blog post.
As for the Windows update, it’s trying to resolve an issue in Microsoft Windows Object Linking and Embedding (OLE) Automation.
“The vulnerability could allow remote code execution if a user opens a specially crafted file. An attacker who successfully exploited the vulnerability could gain the same rights as the current owner. This issue was privately reported and we have not detected any attacks or customer impact,” Microsoft said in a statement.
As usual, all patches will be delivered via the integrated Windows Update option, but administrators can also download the fixes manually from Microsoft’s Download Center.