Heads-up! If you use Internet Explorer, or MS Office on Windows *or* Mac, get your patches now!


MicrosoftMicrosoft has released its regular monthly bundle of security fixes, known as “Patch Tuesday”. This time it doesn’t just mean security patches for vulnerabilities in software running on the Windows platform - Mac users could be at risk too.

As described in Microsoft’s security bulletin summary for June 2013, the most serious issues - rated “Critical” by the company - affect Internet Explorer, and if left unpatched could allow a remote attacker to run malicious code (such as a worm) on your computer just by you visiting a boobytrapped website.

The single MS13-047 security update for Internet Explorer addresses 19 separate vulnerabilities, affecting all supported versions of Internet Explorer from version 6 to IE 10, on all supported versions of Windows from XP to RT.

Meanwhile, another bulletin - MS13-051 - tackles vulnerabilities in Microsoft Office 2003 Service Pack 3 *and* Office 2011 for Mac that could infect your computer if you open a malformed DOC file.

Woah! Back up a bit there.

Does a bug existing in a relatively old version of MS Office for Windows and a relatively *new* version of MS Office for Mac tell us that the company is treating its Mac users as second class citizens? How come Mac users have - seemingly - been living with a vulnerability for so long in their software, while Windows counterparts who have been regularly ugrading their Office installations have avoided the risk?

If I were a Mac user, I would feel a little less confident about the security of Microsoft products this morning.

As always, you should read the security bulletins and apply them across your business, as appropriate, in a timely fashion. If you’re a home user, or responsible for the security of your work computer, chances are that your best course of action is to install the patches as quickly as possible - before malicious hackers take advantage of the security holes.

Oh, and did you notice? There was no fix in this month’s bundle for the zero-day vulnerability in Microsoft’s software controversially made public by Google security engineer Tavis Ormandy.

Seems we’ll have to wait a little longer for Patch Tavis Day. Hold your breath that no bad guys exploit *that* flaw before Microsoft manages to put together a fix.

Tags: , , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , , ,

No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.