Microsoft squashes 9 bugs with Patch Tuesday fixes
Plugs holes in IE10, locks down privilege escalation vulns
Microsoft has issued nine patches for vulnerabilities in its software on the computer-murk jamboree day that is Patch Tuesday.
The updates plug two "critical" vulnerabilities in Internet Explorer and Windows that allow for remote code execution, and seven "important" vulns that allow for privilege escalation, denial of service attacks, and data leakage.
One of the critical patches fixes a set of two vulnerabilities within all versions of Internet Explorer including IE 10, that are made more severe if users have administrative rights on the system.
The other critical patch plugs a privately reported vulnerability in Windows Remote Desktop Client that affects many versions of Windows excluding Win 8, Server 2012, and Windows RT.
As expected, the other seven patches deal with less concerning or severe bugs, though two of these – "Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilige (MS13-034)," and "Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Privilige (MS13-036)" – merit a "1" on Redmond's exploitability index, making "exploit code likely."
As is typical, these patches are delivered by Windows Update. Intel, Google, and HP researchers reported the vulnerabilities to Microsoft, among others.
Alongside the typical updates, Tuesday also brought patches for Microsoft's "Surface" line of fondleslabs. These marked the fifth time the Surface RT slabs have been given a software touch-up, and the third time for the Surface Pros. ®