It’s that time of the month again (no pun intended). It’s Patch Tuesday. It also happens to be the 10th anniversary of the celebrated (not) monthly visitor (sorry, they just keep coming). Microsoft released eight new security bulletins—four rated as Critical and four Important. The most urgent one, however, is MS13-080—the cumulative security update for Internet Explorer. It addresses a total of 10 separate vulnerabilities affecting all supported versions of the Web browser:
This security update resolves one publicly disclosed vulnerability and nine privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Other Critical patches:
MS13-081: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)
MS13-082: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890)
MS13-083: Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2864058)
Better get patching!