Grant McGregor News

Latest Microsoft Patches & Updates May 2013

May 14 2013

Microsoft issues some important updates in this week’s bulletin.

Eight updates & two critical bulletins address some key flaws across the Windows Server and Microsoft Office apps.

A denial of service exploit vulnerability was fixed for Windows 8 and Windows Server 2012 whereby an attacker could use a malicious HTTP packet to bring down service.

The update only affected newer versions of Windows Server but vulnerabilities can be avoided if companies employ the newest version of an operating system.

Microsoft fixes for Internet Explorer

Vulnerabilities in Microsoft Internet Explorer have also been addressed in this month’s two critical bulletins. One deals with a remote code execution vulnerability in Internet Explorer version 8 (IE 8) – a so-called zero-day flaw.

Organisations using IE 8 should upgrade to a newer version though users still using Windows XP should note that they cannot upgrade beyond IE 8 – time to move on!

The other moderate-rated bulletin deals with all currently supported IE versions across multiple versions of Windows.

Driver Vulnerability

In all Windows Server versions and desktop versions of Windows, Microsoft patched a driver vulnerability which could lead to elevation of privileges.

A .NET Framework vulnerability that could lead to spoofing files and accessing endpoint functions was also addressed in another important bulletin.

Word and Publisher applications were also addressed by important remote code execution bulletins.

Finally, there were patches for Essentials and Visio applications in important bulletins where vulnerabilities could lead to information disclosure.

In 2013 the total number of bulletins is now 45, a fair increase when compared with the 35 releases at the same point in 2012.

You can find out more info on this bulletin and the updates here:

If you update your patches manually or use something such as WSUS (which only covers Microsoft updates) to help, then you could save time and effort by scanning for vulnerabilities, patching your software automatically and reporting on all that’s been done for compliance or management purposes.

Take a look at one of our solutions – GFI LanGuard – that does all of this in a smart, and time-saving fashion.