It’s the second Tuesday of April and that means it is Microsoft‘s Patch Tuesday, the day of the month when Microsoft releases several scheduled patches and updates for their various software products. In the arena of Third-Party applications, Adobe has updated a small number of products and Java still sits at version 7 Update 17. So, here is a quick break down of the updates:
- Two Critical bulletins that cover Internet Explorer and Remote Desktop Client. Both of these vulnerabilities allow for attackers to launch programs remotely.
- Seven Important bulletins that affect various Windows versions (two impact Windows 8 directly), Office, and Windows Defender. 5 of these vulnerabilities allow for a user to increase their privileges on a computer, while 1 bulletin can results in a denial of service for Domain systems, and the last bulletin causes information disclosure.
- One update to Coldfusion that could allow an individual with no credentials to the administrative console to gain access.
- One update to Shockwave Player that could allow an individual to remotely launch programs on a computer.
- One update to Flash Player and Air that could allow an attacker to crash the program and take control of the computer system.
Users are encouraged to apply these updates to a test system prior to deployment to their critical systems to test for conflicts and problems caused by the updates to existing programs. Microsoft Windows users are encouraged to test and apply both Critical updates as soon as possible to avoid potential exploitation.
There are currently limited known attacks in the wild for the Microsoft updates, none of which currently target either Critical bulletin.
Here are links to the security update advisories:
Additionally, April 8th 2013 marks the day that Windows XP Service Pack 3 has 365 days remaining on its Extended Support. After April 8th, 2014, Microsoft will no longer be providing updates or patches for Windows XP Service Pack 3. Service Pack’s 1 and 2 are currently no longer supported.