14 DAY TRIAL // Microsoft has just launched this month’s Patch Tuesday security bulletins, with users expected to receive all fixes via Windows Update in the next few hours.
The company rolled out a total of 8 different bulletins aimed at fixing bugs in Windows, Internet Explorer, and Office. Three of the updates are flagged as critical and the other five are considered to be important.
The three critical patches are aimed at flaws found in Windows and Internet Explorer, with one of the bulletins also fixing the recently-found zero-day discovered in Microsoft’s browser and made public over the weekend.
MS13-090 is a cumulative security update of Active X kill bits, which means that it tries to repair a remote code execution issue in an ActiveX control.
While Microsoft says that it’s already aware of attacks trying to exploit the flaw, their number is only “limited,” so users should be on the safe side for the time being.
“The code execution occurs at the level of the logged on user, so non-admin users would face less of an impact. The remote code execution vulnerability with higher severity rating be fixed in today's release and we advise customers to prioritize the deployment of MS13-090 for their monthly release,” it said.
The MS13-088 bulletin, on the other hand, is addressing ten privately reported vulnerabilities in Internet Explorer, with the most severe said to allow an attacker to gain the same rights as the logged on user once a compromised website is being loaded in the browser.
Last but not least, MS13-089 is fixing a glitch in Windows that could be exploited with the help of a compromised file opened with WordPad.
“The vulnerability could allow remote code execution if a user views or opens a specially crafted Windows Write file in WordPad. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user,” Microsoft said.
As usual, all patches are being delivered via Windows Update, so make sure you’re downloading and installing all of them as soon as possible.