Microsoft released another set of updates, February 2013
Less than an hour ago, Microsoft announced the release of the next series of patches aimed at eliminating vulnerabilities in their products. Previously announced in the pre-release (February 7), security fixes cover a total of 57 (!) Unique vulnerabilities (5 patches with the Critical status and 7 with the Important status). A detailed report (including correlation fixes with CVE ID) can be found here .
In particular, two of the five critical updates eliminate vulnerabilities in Internet Explorer. Using these vulnerabilities, a hacker can remotely execute arbitrary code on a vulnerable computer. All versions of IE , from IE6 to the newest version, IE10, were under attack.
')
Another critical update affects Windows XP, Windows Vista and Windows Server 2003 and does not apply to modern Windows 7 or Windows 8 client systems (the patch is also sent to Windows Server 2008). The fourth fix concerns the Microsoft Exchange mail server and the fifth covers the vulnerability in Windows XP only.
In general, updates are aimed at addressing vulnerabilities in the following products : client versions of Windows, Windows Server, Office, Internet Explorer, Exchange, and the .NET Framework. 6 updates concern eliminating vulnerabilities like “Remote Code Execution”, allowing an attacker to remotely execute arbitrary code, 2 updates like “Denial of Services” and 4 “Elevation of Privelege”, which allow an attacker to upgrade their privileges in the system.
Commenting on Alex Ionescu (Alex Ionescu) - an expert in information security and Windows Internals:
It is noteworthy that the patch MS13-016 fixes a fairly large number of bugs in the kernel mode component win32k.sys (the Windows subsystem driver operating in kernel mode). In total, they eliminate 30 vulnerabilities in win32k (!).
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
Also note the safety recommendations:
• Install patches and updates for your software in a timely manner.
• Stay tuned for updates to such “critical software” as the Adobe Flash Player and Java.
• Try to run with administrator rights only those applications that you trust enough.
Check your version of Adobe Flash Player here .
Check java version here .
be secure.
In particular, two of the five critical updates eliminate vulnerabilities in Internet Explorer. Using these vulnerabilities, a hacker can remotely execute arbitrary code on a vulnerable computer. All versions of IE , from IE6 to the newest version, IE10, were under attack.
')
Another critical update affects Windows XP, Windows Vista and Windows Server 2003 and does not apply to modern Windows 7 or Windows 8 client systems (the patch is also sent to Windows Server 2008). The fourth fix concerns the Microsoft Exchange mail server and the fifth covers the vulnerability in Windows XP only.
In general, updates are aimed at addressing vulnerabilities in the following products : client versions of Windows, Windows Server, Office, Internet Explorer, Exchange, and the .NET Framework. 6 updates concern eliminating vulnerabilities like “Remote Code Execution”, allowing an attacker to remotely execute arbitrary code, 2 updates like “Denial of Services” and 4 “Elevation of Privelege”, which allow an attacker to upgrade their privileges in the system.
Commenting on Alex Ionescu (Alex Ionescu) - an expert in information security and Windows Internals:
Hackers can use phishing [to lure users to an exploit installation page] and, further, use “Elevation of Privelege” vulnerabilities to gain system-level privileges, which is essentially the worst case scenario for the security system.
It is noteworthy that the patch MS13-016 fixes a fairly large number of bugs in the kernel mode component win32k.sys (the Windows subsystem driver operating in kernel mode). In total, they eliminate 30 vulnerabilities in win32k (!).
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
Also note the safety recommendations:
• Install patches and updates for your software in a timely manner.
• Stay tuned for updates to such “critical software” as the Adobe Flash Player and Java.
• Try to run with administrator rights only those applications that you trust enough.
Check your version of Adobe Flash Player here .
Check java version here .
be secure.
Source: https://habr.com/ru/post/169153/
All Articles