Homepage Rankings and Research Companies Channelcast Marketing Matters CRNtv Events Acronis #CyberFit Summit 2021 Avaya Newsroom Experiences That Matter Cisco Partner Summit Digital 2020 Intel Partner Connect 2021

Microsoft Fixes 19 Critical Internet Explorer Vulnerabilities

The June 2013 round of Patch Tuesday security updates includes one critical bulletin for Internet Explorer and four bulletins in Office, Windows that are rated important.

The software giant issued five bulletins, one critical, addressing security issues across its product line. The company's June 2013 Patch Tuesday includes fixes to Microsoft Office, the Windows Kernel and a Print Spooler coding error.

Microsoft said the Internet Explorer update affects all versions of the browser. It is rated moderate for Internet Explorer running on Windows servers. The issues include a script debug flaw and 18 memory corruption errors. Microsoft said an attacker could set up a malicious website to exploit the flaw and then lure users to visit the site. A successful attempt could enable an attacker to gain complete control of a victim's PC.

[Related: Ransomware Attack Now Steals Passwords, Microsoft Warns ]

The June round of security updates was a relatively light month for patching administrators. In his analysis of the update, Amol Sarwate, director of vulnerability labs at Qualys, said security pros should watch the IE issues closely. He said the light patching month should be no problem for administrators. He urged patching admins to quickly issue the update fixing the coding errors.

Other security updates were rated important. Microsoft also patched a flaw in the Windows Kernel that could result in information disclosure. The issue stems from the way the Windows kernel handles certain page fault system calls. Another kernel error could cause a denial-of-service condition.

An update to Microsoft Office repairs a flaw that could allow an attacker to gain access to system files and gain the same rights as the current user on the corporate network. The attacker would need to send a malicious email message and get the victim to open it in Outlook while using Microsoft Word as the email reader. The issue also is rated important and affects supported editions of Microsoft Office 2003 and Microsoft Office for Mac 2011.

In addition, Microsoft issued a security advisory, updating cryptography and digital certificate handling in Windows. The update impacts all versions of Windows, Microsoft said. The update has been part of a series of software improvements that enables the software maker to have more control over digital certificates that validate Windows software. "Customer protection is an important facet of everything we do. We encourage you to apply these security updates if you do not have Automatic Updates enabled, and visit the Microsoft Security Response Center blog for prioritization guidance," said Dustin Childs, group manager, Microsoft Trustworthy Computing, in a statement issued today to CRN.

In May, Microsoft fixed 33 flaws across its product line, including a dangerous flaw in Internet Explorer 8.


Back to Top



    trending stories

    sponsored resources