Microsoft Sends Out Software Patches

Thursday, January 10, 2013 @ 04:01 PM gHale


If it is the start of a new year, then what says Happy New Year more than another Microsoft patch Tuesday as the software giant fixed two critical vulnerabilities and five important vulnerabilities.

The first critical vulnerability, MS13-001, is a flaw in the Windows 7/Windows Server 2008 R2 print spooler service that if exploited could lead to remote code execution.

RELATED STORIES
Researchers Bypass Microsoft IE Fix
More Victims in IE Zero Day
IE Zero Day
Google Bans Auto Install

MS13-002 is the other critical flaw and affects Microsoft XML Core Services. This vulnerability also could lead to remote code execution if someone using Internet Explorer is enticed to surf to a malicious web page. This affects all currently released versions of Windows, including RT.

The five important patches include:
• MS13-003 – Elevation of privilege in Microsoft System Center Operations Manager 2007/R2
• MS13-004 – Elevation of privilege in Microsoft .NET Framework 3.5/3.5.1/4/4.5 on all MS OSs
• MS13-005 – Elevation of privilege in Microsoft Windows Vista/Server 2008/7/Server 2008 R2/8/Server 2012/RT
• MS13-006 – Security feature bypass in Microsoft Windows Vista/Server 2008/7/Server 2008 R2/8/Server 2012/RT
• MS13-007 – Denial of Service in Microsoft .NET Framework on Windows XP/Server 2003/Vista/Server 2008/7/Server 2008 R2/8/Server 2012

Microsoft also released an updated Flash Player for Internet Explorer 10 on Windows 8/Server 2012/RT to address CVE-2013-0630.

None of the patches included the Internet Explorer Zero Day that released two weeks ago.



Leave a Reply

You must be logged in to post a comment.