Microsoft released eight security bulletins on Tuesday, August 13, fixing 23 vulnerabilities in its products, specifically Windows, Internet Explorer and Exchange. Of the eight bulletins, three were rated critical, while the remaining five are rated important.
Microsoft Vulnerabilities In Latest Monthly Security Patch
Fortifying Internet Explorer
Microsoft encourages end users to prioritize deploying MS13-059 as soon as possible. This is a cumulative security update that addresses eleven vulnerabilities found in Internet Explorer, affecting versions 6 to 10 as well as Windows RT. All 11 flaws were rated “1” in the Exploitability Index, which means that Microsoft expects them to be targeted within 30 days or sooner. Microsoft noted that some of the most critical vulnerabilities could allow attackers to achieve remote code execution. The problem could occur when a user visits a specially crafted webpage using IE; an attacker who exploits these critical vulnerabilities gains the same level of user rights as the current user. The IE update also includes a patch for the vulnerability that was used in the Pwn2Own contest held earlier this year.
Addressing Font Attack
The second bulletin, MS13-060, relates to a vulnerability found in the Unicode Script Processor within the Windows operating system. Attackers can exploit the vulnerability through font rendering and eventually gain control over the victim’s computer. The vulnerability is limited to the Bengali font that is part of Windows XP’s Indic language pack. Thus, organizations that do not run that version of Microsoft’s operating system will not have to worry about the patch for this script vulnerability. However, the guys at Redmond also noted that about 13 percent of users are still using XP, and Microsoft is advising them to quickly make the switch to a newer operating system, since XP will lose its support next year. When that happens, security updates will no longer be issued, making computers that run Windows XP easy targets for attackers of all skill levels.
Beefing up Microsoft Exchange
The third critical bulletin (MS13-061) is directed toward fixing three remote code execution vulnerabilities in Microsoft Exchange’s WebReady Document Viewing and Data Loss Prevention features. An attacker could exploit these three flaws using a specially crafted PDF file that, when viewed by a user (without necessarily downloading the file), would put his or her mail server at risk of being penetrated by the attacker. These vulnerabilities were patched some time ago, so the fix is more about updating and reinforcing those patches to keep attackers at bay and to make Microsoft Exchange more secure.
This month’s patch list also addresses other vulnerabilities that include privilege elevation, denial of service and information disclosure. Basically, end users must apply these new fixes to prevent attackers from exploiting holes in their computers. Apart from these patches, however, they should also deploy security features alongside them to fend off attackers and further fortify their systems.
Author Bio: Betty Fulton is a seasoned writer with a strong interest in technology, the Internet and social media. Her passion for these subjects is apparent from her writings, which usually cover news about the said industries. She also writes for PC Doc based in Edinburgh.