April 04, 2013

April's Patch Tuesday from Microsoft includes another Internet Explorer patch

April's Patch Tuesday from Microsoft includes another Internet Explorer patch
April's Patch Tuesday from Microsoft includes another Internet Explorer patch

Microsoft is readying nine patches to be released Tuesday as part of the software giant's monthly security update.

Two of the nine fixes address vulnerabilities rated "critical," meaning they could be exploited to execute remote code, while the remaining seven patches attend to flaws deemed "important," according to an advance notification from Microsoft.

Security observers eyed one of the critical fixes, "Bulletin 1," as the most pressing because it involves vulnerabilities in all supported versions (6-10) of Internet Explorer (IE). Security weaknesses in browsers are preferred vectors of attack for cyber criminals because often they can be successful by a victim merely visiting an infected web page.

Andrew Storms, director of security operations at nCircle, which recently was acquired by Tripwire, suspects one of the IE flaws being plugged was discovered last month at the Pwn2Own hacker contest at the CanSecWest show in British Columbia.

The update's remaining patches, address issues in Windows, Office, Server Software and Security Software. The update is due out around 2 p.m. EST on Tuesday.

Related Articles
Related Topics

Sign up to our newsletters

More in News

Three LulzSec members plead guilty in London

Ryan Ackroyd, 26; Jake Davis, 20; and Mustafa al-Bassam, 18, who was not named until now because of his age, all admitted their involvement in the hacktivist gang's attack spree.

WordPress tightens security with two-factor authentication

The new feature is immediately available for users and "secret" codes can be accessed via SMS or through the Google Authenticator app.

Microsoft fixes three "critical" flaws with Patch Tuesday release

The biggies are two vulnerabilities in Internet Explorer and a single weakness in Remote Desktop Connection.