The Register® — Biting the hand that feeds IT


Get up, shake off the hangover: These 57 Microsoft holes won't fix themselves

This month's fat security Patch Tuesday has landed


A bumper Microsoft Patch Tuesday has rolled out 12 security bulletins that collectively address a hefty 57 vulnerabilities.

Five of these bulletins reveal critical holes in the software giant's products: one bulletin (MS13-009) covers 13 bugs found in Internet Explorer, while another (MS13-016) tackles a privilege-escalation flaw in win32k.sys, a core Windows kernel-mode component. One of the IE bugs can be exploited by an attacker to gain control of a user's machine via a drive-by download.

Another update (MS13-010) also patches Microsoft's web browser to squash a security bug in an ActiveX dynamic-link library. This update is, if anything, even more important because it addresses a vulnerability that's being actively exploited by miscreants.

The other critical updates cover Windows bugs, as explained in Microsoft's bulletin here.

In other patching news, Adobe followed up a Flash release last week that grappled with two 0-day vulnerabilities, with a new patch for its plugin. The update fixes 17 security flaws. Users of Internet Explorer 10 and Google Chrome should be patched automatically.

Commentary on both updates can be found in a blog post by Wolfgang Kandek, CTO of Qualys, here. ®


Anonymous Coward

Re: 57 vulnerabilities

> Bloody Microsoft nicking other people's ideas again! They'll be putting horses in Windows phones next just to get publicity!

They should try that. They might sell better than the current turkeys they're putting out.


Re: Same S---, Different Day

/me band selects all of the required patches in WSUS, right clicks and selects "Install".

Finished applying patches for the month.

I would wager it took you longer to type your post than it did for most of us to roll the patches out.


Are you that concerned?

Just curious about others' experiences, but in our organization of about 12,000 machines, all of which are Windows, we have had 0 issues with being hit with malware/viruses since about 2002 (that was Blaster IIRC, date might be off somewhat). We use SCCM to deploy patches now and it's been pretty good from what I can see. Still use WSUS on servers though, which is very good for what we need.

