Microsoft Releases 9 Security Bulletins for Patch Tuesday
The fixes include patches for critical vulnerabilities that affect Internet Explorer and the Windows Remote Desktop Client.Microsoft patched 14 security vulnerabilities in its Patch Tuesday update on April 9, including critical bugs affecting Windows and Internet Explorer. To address the vulnerabilities, Microsoft released a total of nine security bulletins this month, including two bulletins ranked "critical." Both of the critical bulletins, which affect Internet Explorer and Windows Remote Desktop Client, address vulnerabilities that could be exploited to permit an attacker to remotely execute code. According to Microsoft, the issues covered by the two bulletins can be exploited if an attacker tricks a user into viewing a specially crafted Web page. "Once again there is an IE patch (MS13-028) which is rated critical, but this one differs from last month's incarnation by applying to all supported versions of IE (6-10) on the relevant platforms, including IE 10 on Windows 7 and 8," Ross Barrett, senior manager of security engineering at Rapid7, said in a statement. "Due to the widespread use of IE and subsequently high degree of exposure for any group or individual using it, combined with the severity, this is where I would prioritize patching efforts." The other critical bulletin (MS13-029) should be the next priority for enterprises, he said.
"This issue is in the RDP ActiveX control and affects versions 6.1 and 7, but not 8," he added. "However, RDP 8 is not yet the default on the affected platforms. This issue could be triggered through an RDP link in a browser or other content. A workaround would be to set the 'kill-bit' for these ActiveX controls, but the update actually fixes the issue, rather than disabling the RDP control."