Microsoft To Issue Critical Update To Internet Explorer

By Robert Westervelt
March 07, 2013 3:10 PM ET

Microsoft will repair critical vulnerabilities in Internet Explorer and other serious flaws in Office and SharePoint Server during its Patch Tuesday updates scheduled for March 12.

The software giant said it would issue seven bulletins next week, four critical and three important, as part of its March 2013 round of scheduled security updates. The issues impact all currently supported versions of Microsoft Windows, the company said in its Advance Notification issued today.

The critical coding errors include remote code execution vulnerabilities and an elevation of privilege flaw. The update also addresses information disclosure errors. Several of the updates, including those slated for its server software, may require a restart, Microsoft said.

Vulnerability management experts said the update to Internet Explorer and Silverlight indicates that the software maker is attempting to protect users from drive-by attacks. Alex Horan, senior product manager, CORE Security, said in a statement that the slew of end-user patches required to fix the errors could make patching difficult for administrators. "These patches can be a hassle for users to deploy and have the potential to create a long enough delay where hackers can take advantage," Horan said in a statement.

Wolfgang Kandek, CTO of vulnerability management vendor Qualys, said the issues with Microsoft Office could be serious. The update affiliated with Office includes repairs to Visio and Office Filter Pack, which usually requires extensive user interaction, such as opening an infected file, in order for a cybercriminal to carry out an attack, Kandek wrote in the company blog. "It will be interesting to see the attack vector for this vulnerability that warrants the 'critical' rating," he wrote.

Microsoft issued 12 security bulletins in February, addressing 57 flaws in Microsoft Windows, Office, Exchange and the .NET Framework. The update last month included a repair for a serious graphic Zero-day vulnerability and 13 critical coding errors in Internet Explorer in the wake of drive-by attacks targeting the browser.

PUBLISHED MARCH 7, 2013

To continue reading this article, please download the free CRN Tech News app for your iPad or Windows 8 device.

Related: Videos | Slide Shows | Comments

SHARE THIS ARTICLE

More Security

Comments by Vanilla

Recent Articles

	Tech 10: Hot Antivirus Alternatives For 2013 CRN identifies 10 vendors that have developed innovative ways to detect malware and analyze threats to better protect corporate networks. They take a giant step beyond traditional signature technologies.
	10 Emerging Security Technologies Gaining Interest, Adoption Despite some security defenses being only in their infancy, they are attracting interest for addressing BYOD issues, cloud security concerns and stolen account credentials. Here's a look at some of the top new security areas gaining industry interest.
	5 Government Intelligence Facilities You've Never Heard Of One facility has been around since the dawn of space exploration, while other buildings are still in construction. But, they all have serious data analysis and surveillance support activities associated with them.
	More Slide Shows