Patch Tuesday has been and gone, which means that if you’re responsible for the security of the computers in your office – or the ones you use at home – it’s time to update your systems once again.
And it’s not just Microsoft who has released a raft of security patches, hacking victim Adobe has jumped onboard the bus too.
Here are the essential details:
- MS13-080 Cumulative Security Update for Internet Explorer
- MS13-081 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
- MS13-082 Vulnerabilities in .NET Framework Could Allow Remote Code Execution
- MS13-083 Vulnerability in Windows Common Control Library Could Allow Remote Code Execution
- MS13-084 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution
- MS13-085 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
- MS13-086 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution
- MS13-087 Vulnerability in Silverlight Could Allow Information Disclosure
Rated “Critical”. This is the most important one, as it includes the long-awaited security patch for a zero-day Internet Explorer vulnerability that has been exploited by malicious hackers in the wild.
Rated “Critical”. The most severe of these vulnerabilities could allow remote code execution if a user views shared content that embeds OpenType or TrueType font files. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.
Rated “Critical”. The most severe of the vulnerabilities could allow remote code execution if a user visits a website containing a specially crafted OpenType font (OTF) file using a browser capable of instantiating XBAP applications.
Rated “Critical”. The vulnerability could allow remote code execution if an attacker sends a specially crafted web request to an ASP.NET web application running on an affected system. An attacker could exploit this vulnerability without authentication to run arbitrary code. Fortunately, this vulnerability was privately disclosed to Microsoft – if malicious hackers learn how to exploit it, they might attempt to weaponise it into a fast-spreading worm.
Rated “Important”. Includes fixes for two vulnerabilities, the more severe of which could allow remote code execution if a user opens a specially crafted Office file in an affected version of Microsoft SharePoint Server, Microsoft Office Services, or Web Apps.
Rated “Important”. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file with an affected version of Microsoft Excel or other affected Microsoft Office software.
Rated “Important”. The vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Word or other affected Microsoft Office software.
Rated “Important”. The vulnerability could allow information disclosure if an attacker hosts a website that contains a specially crafted Silverlight application that could exploit this vulnerability and then convinces a user to view the website.
- APSB13-24 Security update for RoboHelp 10 on Windows
Rated “Critical”. The update fixes a vulnerability that could allow an attacker to run malicious code on users’ computers. The good news is that Adobe has not seen this vulnerability being exploited in the wild.
- APSB13-25 Security updates for Adobe Reader XI (11.0.04) for Windows and Adobe Acrobat XI (11.0.04) for Windows
You can learn more, and grab the patches, by following the links above. If you are wanting to protect your home computer it might be sensible to ensure that you have automatic installation of security updates enabled.
Even though recently there have been too many instances of Microsoft releasing a security fix, only to later withdraw it and released a *fixed* version of the security fix, it’s generally good sense for most consumers to allow their computers to automatically install updates when possible.