Microsoft and Adobe have released updates for their products.
Microsoft announced the release of the next series of patches aimed at eliminating vulnerabilities in their products. Previously announced in the pre-release (March 7), security fixes cover a total of 20 unique vulnerabilities (4 fixes with the Critical status and 3 with the Important status). A detailed report (including correlation fixes with CVE ID) can be found here . One of the critical updates is aimed at eliminating a vulnerability that is present in all versions of Internet Explorer, starting with version 6 and ending with the latest IE 10 . Another critical fix is ​​aimed at the Silverlight platform. Both of these vulnerabilities belong to the “Remote Code Execution” class and can potentially be used to successfully implement drive-by download / installation attacks , for example, involving a set of exploits for this purpose.
Unlike last month, this set of fixes contains far fewer fixes (the February set of updates eliminated a total of 57 vulnerabilities, most of which were in the “long-suffering” win32k.sys). This month, critical updates target products: Microsoft Silverlight, Internet Explorer, Office, and Microsoft Server Software, and three important updates are addressed to Microsoft Windows and Office .
')
The MS13-021 update closes nine vulnerabilities in IE that are of type use-after-free.
Update MS13-027 with the status “Important” is aimed at eliminating several vulnerabilities like “Elevation of Privilege” in the OS itself. These vulnerabilities relate to embedded USB kernel mode drivers and cover the whole range of operating systems, from Windows XP to Windows 8, as well as Windows Server 2012. The vulnerability numbers are CVE-2013-1285, CVE-2013-1286, CVE-2013 -1287. Using them, an attacker can run arbitrary code in kernel mode and elevate its privileges to the system level.
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
Also note that the Adobe Flash Player updates have been released today. The updates are aimed at closing four vulnerabilities (CVE-2013-0646, CVE-2013-0650, CVE-2013-1371, CVE-2013-1375) .
Currently, the current Flash Player versions for browsers are:
be secure.
Unlike last month, this set of fixes contains far fewer fixes (the February set of updates eliminated a total of 57 vulnerabilities, most of which were in the “long-suffering” win32k.sys). This month, critical updates target products: Microsoft Silverlight, Internet Explorer, Office, and Microsoft Server Software, and three important updates are addressed to Microsoft Windows and Office .
')
The MS13-021 update closes nine vulnerabilities in IE that are of type use-after-free.
Update MS13-027 with the status “Important” is aimed at eliminating several vulnerabilities like “Elevation of Privilege” in the OS itself. These vulnerabilities relate to embedded USB kernel mode drivers and cover the whole range of operating systems, from Windows XP to Windows 8, as well as Windows Server 2012. The vulnerability numbers are CVE-2013-1285, CVE-2013-1286, CVE-2013 -1287. Using them, an attacker can run arbitrary code in kernel mode and elevate its privileges to the system level.
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
Also note that the Adobe Flash Player updates have been released today. The updates are aimed at closing four vulnerabilities (CVE-2013-0646, CVE-2013-0650, CVE-2013-1371, CVE-2013-1375) .
Adobe Flash Player 11.6.602.171 and Adobe Flash Player 11.1.115.47 and Adobe Flash Player 11.6.602.171 and Adobe Flash Player 11.1.602.171 and Adobe Flash Player Player 11.1.111.43 and earlier versions for Android 3.x and 2.x. This is an update of the address system .
This update can lead to code execution (CVE-2013-0646).We recommend that users check the version of Flash Player used by your browser, for this you can use the official. adobe source here or here . Note that browsers such as Google Chrome and Internet Explorer 10 are automatically updated with the release of the new version of Flash Player. You can get information on updating Flash for your browser via this link .
This can be used to determine the number of arbitrary code (CVE-2013-0650).
Couldn’t lead to code execution (CVE-2013-1371).
This update can lead to code execution (CVE-2013-1375).
Currently, the current Flash Player versions for browsers are:
be secure.
Source: https://habr.com/ru/post/172011/
All Articles