Original URL: http://www.theregister.co.uk/2013/02/13/feb_patch_tuesday/
Get up, shake off the hangover: These 57 Microsoft holes won't fix themselves
This month's fat security Patch Tuesday has landed
Posted in Security, 13th February 2013 11:44 GMT
Watch Now : Virtual Machine Movement with Hyper-V
A bumper Microsoft Patch Tuesday has rolled out 12 security bulletins that collectively address a hefty 57 vulnerabilities.
Five of these bulletins reveal critical holes in the software giant's products: one bulletin (MS13-009) covers 13 bugs found in Internet Explorer, while another (MS13-016) tackles a privilege-escalation flaw in win32k.sys, a core Windows kernel-mode component. One of the IE bugs can be exploited by an attacker to gain control of a user's machine via a drive-by download.
Another update (MS13-010) also patches Microsoft's web browser to squash a security bug in an ActiveX dynamic-link library. This update is, if anything, even more important because it addresses a vulnerability that's being actively exploited by miscreants.
The other critical updates cover Windows bugs, as explained in Microsoft's bulletin here [1].
In other patching news, Adobe followed up a Flash release last week that grappled with two 0-day vulnerabilities, with a new patch for its plugin. The update fixes 17 security flaws [2]. Users of Internet Explorer 10 and Google Chrome should be patched automatically.
Commentary on both updates can be found in a blog post by Wolfgang Kandek, CTO of Qualys, here [3]. ®