Microsoft fixes three "critical" flaws with Patch Tuesday release

Microsoft's monthly security update, released Tuesday, includes fixes for three privately disclosed "critical" vulnerabilities in Internet Explorer (IE) and Remote Desktop Connection (RDC).

The flaws could allow remote code execution in IE and RDC if a user visits a malicious web page, according to the company's Patch Tuesday bulletin.

In total, the update contains nine patches to correct 14 vulnerabilities, which, in addition to remote code execution, could allow an attacker to gain elevated privileges or carry out denial-of-service (DoS) attacks.

Ziv Mador, director of research at security and compliance firm Trustwave, said the IE (MS13-028) and the RDP bugs (MS13-029) are the most pressing to patch.

“It has been a few months since we have had [an] RDP (remote desktop protocol) vulnerability, but I was pretty sure we hadn't seen the last of them,” he wrote. “In this case, getting a user to visit a specially crafted web page could result in remote code execution. The actual flaw is located in the ActiveX control, mstscax.dll, which attempts to access an object in memory that has been deleted.”

Other vulnerabilities categorized as “important” by Microsoft included a flaw in SharePoint Server that could allow information disclosure to an attacker. A patch for Active Directory was also released, fixing a flaw that could enable an attacker to carry out a denial-of-service attack.

Meanwhile, Microsoft has announced that it will end support for Windows XP on April 8, 2014. The operating system was originally released in August 2001.

“This means that any new vulnerabilities discovered in Windows XP after its end-of-life will not be addressed by new security updates by Microsoft,” said a blog post from Tim Rains, director of product management at Microsoft Trustworthy Computing Group. “Moving forward, this will likely make it easier for attackers to successfully compromise Windows XP-based systems using exploits for unpatched vulnerabilities.”
