Yesterday was another patch Tuesday, and this time Microsoft rolled out some updates that fix some severe security flaws. A total of 28 fixes were rolled out, included among them is the zero-day exploit for Internet Explorer 6-11 known as CVE-2013-3893. This series of patches marks the 10th anniversary for Microsoft’s patch Tuesday schedule. Of course, the majority of the vulnerabilities patched today could be avoided by using basic computer security common sense.
If you are running Windows make sure that you update your PC! Instructions for Windows 7 | Windows 8. Links to the individual knowledge base articles can be found within each security bulletin as well as instructions for mass deployment over WSUS and other tools.
Here are the major bulletins that were released along with the patches.
- Security fixes for Internet Explorer including zero-day exploit patch.
- Fixes several Windows kernel vulnerabilities when opening content that embeds infected OpenType or TrueType font files.
- Patches .NET framework exploit which allowed websites containing hacked OpenType fonts to access the system.
- A patch for ASP.NET which allowed it to execute remote code through web applications.
- Microsoft SharePoint server remote code execution patch.
- Disables a remote code execution vulnerability in Microsoft Excel.
- Similar to above, for Microsoft Word.
- Privacy flaw in Silverlight Cloud.
The full list of security bulletins can be viewed on the Technet website @microsoft.com, however the ones linked above are all that were released this week.