Microsoft have released 13 patches which fix various code related issues in Office, Internet Explorer and the Windows operating system.
The 13 bulletins were split into two classed as ‘moderate’, nine classed as ‘important’ and two classed as ‘critical’. They announced the patch yesterday in their notification.
Kurt Baumgartner, a senior malware researcher at Kaspersky Lab wrote on the Securelist blog “Everything from Microsoft operating system kernel and networking components to their Microsoft Internet Explorer web browser and development products are impacted to patch information disclosure, denial of service, memory corruption, and elevation of privilege vulnerabilities.”
The two important ‘critical’ vulnerabilities are related to Internet Explorer and Microsoft DNS server running in Windows 2003 and 2008. There are no exploits yet targeting the Internet explorer vulnerability, however it is possible that one will hit the wild soon.
The DNS vulnerability is serious, as it could allow for a ‘complete system compromise’ according to Joshua Talbot of the Symantec Security Response team. He said “Because no user interaction is needed, a vulnerable service simply needs to be up and running for the vulnerability to be exploited.”
The patch for Internet Explorer fixes five bugs and two flaws. The worst issue could allow an attacker to remotely run code if the viewed visited a maliciously designed website. All versions of the browser need patched, including IE9.
Kitguru says: Get patching.