On 11 February 2013, was the second Tuesday of the month, Microsoft released the its latest vulnerability on their products and their security updates.The Microsfot releases a pre-announcement in the days running up to Patch Tuesday, giving a few details of the products that are likely to be patched, and the severity level of flaws that are fixed.
There were two additional critical bulletins included in the mix that hadn’t been included in Microsoft’s initial pre-announcement and one of them was a mammoth Internet Explorer update that addresses a whopping 24 vulnerabilities.
Microsoft issued seven patch bundles, addressing over 30 vulnerabilities in Windows and related software.
The most serious vulnerabilities are those that allow remote code execution, such as that addressed by Microsoft Security Bulletin MS14-007.
The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to view specially crafted content.
Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to an attacker's website, or by getting them to open an attachment sent through email.
This security update is rated Critical for all supported editions of Windows 7, Windows 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1.
The security update addresses the vulnerability by correcting the way that Direct2D handles objects in memory.
For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.
No comments:
Post a Comment