14 DAY TRIAL // Microsoft has released eight different security updates on this month’s Patch Tuesday, trying to fix a total of 23 vulnerabilities in its software, including Windows and Internet Explorer.
Three of these patches are rated as “Critical” and are aimed at glitches found in Windows, Internet Explorer, and Microsoft Exchange Server, with administrators recommended to prioritize their installation.
Security bulletin MS13-059 fixes a flaw in Internet Explorer that would allow remote code execution if a consumer using an unpatched system visits a compromised website.
“An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,” Microsoft explained.
MS13-060, on the other hand, tries to fix a privately-reported vulnerability in the Unicode Scripts Processor in Windows.
“The vulnerability could allow remote code execution if a user viewed a specially crafted document or webpage with an application that supports embedded OpenType fonts. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user,” the company added.
Last but not least, MS13-061 is specifically designed to patch vulnerabilities in Microsoft Exchange Server that could allow remote code execution and enable an attacker to take control of a vulnerable machine.
The other five updates are marked as “Important” and are aimed at flaws in Microsoft Windows, including the ancient XP and the newly-launched Windows 8.
Just like all the other fixes rolled out by Microsoft on Patch Tuesday, they are being delivered via Windows Update, which means that users only need an active Internet connection to download and install them. MS13-059 requires a computer restart once installation comes to an end, according to Microsoft.