It’s the time of the month in which we gather round, hold hands, and see just how much of Microsoft’s software needs patching. The answer for this month is ‘lots.’ Out today are a total of 12 bulletins that address a smacking 57 vulnerabilities. Making this Patch Tuesday quite a bit heavier than what we are accustomed to.
Key to the mix of fixes are two bulletins that relate to Internet Explorer. Both are rated as critical, and deal with ‘remote code execution,’ a nasty problem. Here’s Qualys’s Wolfgang Kandek on the twin fixes:
One of them, MS13-009, is referred to as the “core” IE update by Microsoft because it addresses a number of vulnerabilities in IE. It covers 13 bugs with all but one of them being Remote Code Execution vulnerabilities that can be used by an attacker to gain control over a user’s machine via drive-by-download.
The second bulletin also for Internet Explorer, MS13-010, addresses a vulnerability in an ActiveX Dynamic-Link Library (DLL). It is rated critical and quite urgent to fix because the vulnerability is being exploited in the wild.
If you use Internet Explorer in any capacity, you need ensure that you update. The cumulative patch, the first of the two listed above, will require a restart.
Rounding out the rest of the packages are a set of patches that nearly all deal with Windows, and a number with Microsoft’s server products. Recall that a total of five of the bulletins are rated as critical. If you are generally slack about installing fixes, this is the month to shape up.
I’ve seen reports that Windows RT-based devices such as the Surface RT are seeing firmware updates today. If I can find an official source on that, it will be brought to you. Now go update.
Top Image Credit: Ben Lakey