October 9, 2013
Internet Explorer released some new patches today to fix several vulnerabilities within the browser.
The fixes were all part of the monthly event known as Patch Tuesday. Incidentally, today also marked the 10-year anniversary of Microsoft’s patch Tuesdays.
For the month of October, Microsoft released eight new security bulletins. Four of those were marked critical while another four were noted to be important.
One of the more significant bulletins, however, is MS13-080. A cumulative security update for Internet Explorer, MS13-080 provides a fix for 10 previously reported vulnerabilities for all versions of IE.
“The urgency for applying this update stems from the fact that two of the vulnerabilities addressed are zero-day flaws that are already being actively exploited in the wild,” reports PC World.
“The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer,” writes Microsoft in a statement.
“An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user.”
While Microsoft doesn’t seem too concerned with the potential for users to be exploited, says PC World, experts are urging IE customers to implement the patches immediately.
“So far these bugs are only being exploited in limited attacks, but users are still strongly encouraged to patch IE as soon as possible,” Lamar Bailey, director of security research and development for Tripwire, told PC World. “Now that a patch is available we expect to see a rise in the number of attacks using these vulnerabilities.”
Also of note, MS13-081 and MS13-083 are worth updating, says PC Magazine.
“It’s important for system administrators to consider deploying MS13-083 even on servers which would not typically open RTF documents,” said Tripwire security researcher Craig Young, citing the kind of file used to exploit this vulnerability. “The underlying flaw is within common controls that can potentially be attacked through means other than maliciously crafted RTF documents.”
Megan Abraham is a staff writer for SiteProNews.