Microsoft mends 33 vulnerabilities in Patch Tuesday release, including Internet Explorer 8 zero-day

Share this article:
Microsoft mends 33 vulnerabilities in Patch Tuesday release, including Internet Explorer 8 zero-day
Microsoft mends 33 vulnerabilities in Patch Tuesday release, including Internet Explorer 8 zero-day

Microsoft on Tuesday patched a dangerous zero-day vulnerability affecting Internet Explorer 8, one of 10 fixes that the software giant released as part of its monthly security update.

The IE 8 hole, which has been actively exploited in attacks against the U.S. government workers, temporarily was plugged last week when Microsoft distributed a Fix-It workaround. The permanent patch, addressed by MS13-038, prevents victims from being hit with an exploit if they visit a web page that has been compromised to serve malware.

The other "critical" patch introduced Tuesday by Microsoft is bulletin MS13-037, which addresses 11 additional vulnerabilities in IE. None of the bugs were publicly known, but they are present in all supported versions of the popular web browser.

Microsoft also tapped MS13-039 as high-priority bulletin. It addresses a single vulnerability in the HTTP protocol stack, known as HTTP.sys, a core Windows component that receives and processes HTTP requests. According to the bulletin, "the vulnerability could allow denial-of-service if an attacker sends a specially crafted HTTP packet to an affected Windows server or client."

The remaining seven patches address flaws in the .NET Framework, Lync, Publisher, Word, Visio, Windows Essentials and kernel-mode drivers.

Share this article:

Sign up to our newsletters

More in News

Feds warn health care sector of looming cyber attacks

The FBI believes that the lax security systems that the health care industry has in place make it a prime target for cyber attacks.

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.