Patch Tuesday: 23 vulnerabilities fixed; IE, Windows, Office

Summary: One "critical" vulnerability and four "important" ones round out this week's software fixes from Microsoft.


Microsoft on Tuesday issued five security bulletins, one rated "critical," that affect its Internet Explorer web browser, Windows operating system and Office productivity software suite. 

The patches address 23 vulnerabilities in total.

The most important one, a cumulative security update for all versions of Internet Explorer coded MS13-047, resolves 19 flaws that could allow remote code execution if a customer views a specially-crafted Web page using the browser. A successful exploit allows the hacker to gain the same user rights as the current user.

The issues were found privately and no attacks have been detected, the company says. It first revealed them last week.

The second bulletin, coded MS13-051, patches a vulnerability in Microsoft Office 2003 and Office for Mac 2011 that could allow remote code execution if a user either opens a specially-crafted Office document using an affected version of Microsoft Office software or previews or opens a specially-crafted email message in Outlook while using Microsoft Word as an e-mail reader. Unlike the first, this update is rated "important."

This flaw was also discovered privately, though Microsoft says it has seen "limited, targeted attacks" for it. 

The final three bulletins all concern Windows. MS13-049 concerns a vulnerability in the Kernel-Mode driver that could allow a denial-of-service if an attacker sends specially crafted packets to the server; MS13-050 concerns a vulnerability in Print Spooler Components that could allow elevation of privilege when an authenticated attacker deletes a printer connection; and MS13-048 concerns a Kernel vulnerability that could allow information disclosure if an attacker logs on to a system and runs a specially crafted application. All were disclosed privately.

Finally, Microsoft issued an advisory that "gives enterprises more options for managing their private public key infrastructure," or PKI, environments. The improved certificate-handling functionality, which was first available in Windows 8, Server 2012 and RT, is now available for Vista through Windows 7.


About

Andrew Nusca is a former writer-editor for ZDNet and contributor to CNET. He is also the former editor of SmartPlanet, ZDNet's sister site about innovation. He writes about business, technology and design now but used to cover finance, fashion and culture. He was an intern at Money, Men's Vogue, Popular Mechanics and the New York Daily Ne...
