Patch Tuesday: Microsoft to fix four critical flaws, all versions of IE at risk again

Summary: Prepare your systems (and a strong pot of coffee): Patch Tuesday is on deck for another month. Microsoft will release patches for seven security vulnerabilities, four of them considered 'critical.'


Microsoft will release seven fixes next week for Windows, Internet Explorer and Office, as well as a small handful for Windows Server and Silverlight, to address a number of security vulnerabilities.

The software giant warns that four of the patches will fix 'critical' vulnerabilities.

Bugs ahoy, in Microsoft's latest Patch Tuesday advance warning. (Credit: Microsoft)

Three of the four 'critical' flaws affect Windows, Internet Explorer, Office, Windows Server and SharePoint, which could all lead to remote code execution—such as allowing hackers access to install malware without user prompts or permission. The flaws rated 'important' could lead to an elevation of user privileges or the disclosure of user data or personal information.

The most worrying vulnerability affects all versions of Windows XP (Service Pack 3) and above, including Vista, Windows 7 and Windows 8—including tablets running Windows RT—along with all versions of Internet Explorer 6 and above.

A second flaw relates to Silverlight, a popular Web plug-in used in place of Flash and often used by Netflix users, which will also require patching to address a critical vulnerability that affects both Windows and Apple OS X machines.

The third 'critical' flaw affects Visio, an Office application, alongside a separate flaw in the Office Filter Pack.

The fourth and final 'critical' update fixes a flaw that would allow an elevation of user privileges in SharePoint, Microsoft's Web-based content management (CMS) and portal service. An elevation of privileges would potentially allow a hacker to access an administrative account even if a user is logged in, granting them access to a far greater spread of system files or networked shares.

The remaining 'important' bulletins also affect Mac users running Office for Mac 2008 and 2011. Another flaw that would allow an elevation of privileges in Windows XP SP3 up to Windows 8 will also be stamped out by the updates. OneNote 2010 is also affected by an 'important'-rated vulnerability.

Microsoft doesn't release the full details of the vulnerabilities until patches are made available. 

This should serve as an advisory notice for the upcoming Tuesday, March 12, when the patches are released through the usual update channels.


Talkback

45 comments
  • ... for the upcoming Tuesday, March 13,

    Unless you're still using the Mayan calendar this coming Tuesday is the 12th.
    Oknarf
    • Good point!

      Editing now. (Mayan calendar crack: hilarious. Second person to comment today who's made me laugh.)
      zwhittaker
  • Where are ZDNet's usual THREE STOOGES today

    Larry = Loverock-Davidson
    Moe = toddbottom3
    Curley = Owlll1net

    All three chimed in again with their usual FUD how Microsoft is the greatest.

    They also FAIL to explain why Steve Ballmer even calls Surface RT a FAIL.

    Surface and W-* are an example of Microsoft greatness = NOT
    Over and Out
    • Be nice

      Personal attacks are *not* cool.
      zwhittaker
      • Personal attacks are *not* cool

        Sure they are.

        :)
        CaviarGreen
    • The Three Stooges? Really?

      That was a pathetic insult.

      Hell, you're praising the three by calling them one of America's greatest comedy groups.


      Anyhow, have a Flag.

      "Without limiting any other provision in these Terms, you may not use the Services to do the following or assist others to do the following:

      • Threaten, defame, stalk, abuse, or harass other persons or engage in illegal activities;"
      ForeverCookie
      • "Without limiting any other provision in these Terms, ..."

        As if anybody cares about that.

        Are you new to forums or are you naturally clueless?
        CaviarGreen
  • Another patch tuesday

    Another group of vulnerabilities down.

    Isn't this a good thing, that they're fixing their products?
    Michael Alan Goff
    • Good thing? Bad think?

      Michael:

      "Isn't this a good thing, that they're fixing their products?"

      It would be a better thing if they would sell products without the special Microsoft guarantee. To wit:

      "We of Microsoft guarantee that every product we sell will be vulnerable to malicious attack. We further guarantee that if you use our software your computer WILL be compromised, unless you use and keep current several third-party security programs, and sometimes even if you do. Each week we will close a few security flaws in our software via patches, but we guarantee there will still be more vulnerabilities, which we will close as they come to our attention."

      It's nice that Bill Gates hires the mentally handicapped. It would be nicer if he didn't have them writing the software he sells.
      daniel1948x
      • I'm going to let you in on a secret

        OS X has security flaws.
        Linux has security flaws.

        Every piece of software ever made has security flaws.
        Michael Alan Goff
        • remote code execution

          Others not so many, not that frequent even though you get about 40gb+ worth repositories for a GNU/Linux or *BSD distro,
          ---------------
          * those Gbs do mean A LOT, it's not those bloaty 12gb Windows RT, you know.
          eulampius
          • Huh?

            I take it you haven't actually used Linux, since I can easily get more than 40mb of patches a week.

            Not a bad thing, it just is.
            Michael Alan Goff
          • did you know

            that 1gb=2^10mb=1024mb?
            And where did I say "patches"?

            My LMDE roll-release can get 900mb of "patches" about every 6 months. The / dir, where system resides (and /home is external to that) is only 6.6gb right now, with full Libreoffice, GNU Emacs and a bunch of other things.
            eulampius
          • Hmmm

            Oh, I forgot to post something else in there that was more relevant.

            That's crap about 40gb worth of repositories, unless you have so many extra software repos on your system (which doesn't matter, since you're also updating third party software like Firefox).

            The average repository list isn't even 100mb in grand total.
            Michael Alan Goff
          • translating this for

            you. No, 40gb is not crap. An average GNU/Linux repository contains many hundred times more software than what Redmond could ever offer, a blue-whale-vs.-rat comparison, so to speak. So when you see the vulnerability statistics of a distro, it covers all that huge volume of software, only small percentage of which is really installed on a typical desktop though and even less than that on a typical server.

            Comprenez-vous maintenant, monsieur?
            eulampius
          • Yes, 40 gb is crap

            When you try to update, pulling down the repositories, you won't get anywhere near a single gigabyte.

            :|
            Michael Alan Goff
          • What?

            Still can't get what you're trying to say. Do bear in mind that "patching" is not a correct word. It only makes sense for the source code, plain text. Compiled binaries will be hard to diff here. This should apply to both MS and any other system. So, it's a replacement of binaries. Anyways, here's my bash-awk script for you:
            #!/bin/bash
            #compute the total size in gbs of available pckgs in the enabled Debian repositories as reported by apt-cache

            LIST=$(apt-cache search '.*' | awk 'BEGIN{ORS=" "}{print $1}')
            apt-cache show $LIST |\
            awk '
            {
            if(gsub(/^Size: /,"")){sum+=$0;}
            }
            END{printf "The total size is %.4f gb\n",sum/2^20;}'

            On my old Ubuntu system it outputs:
            The total size is 51436.8928 gb
            On the new LMDE (Linux Mint Debian Edition):
            The total size is 47549.6729 gb
            eulampius
          • I'm trying to find something relevant to what you're saying

            Yet... I still haven't found anything.
            Michael Alan Goff
      • "Good thing? Bad think? "

        So, Microsoft programmers are "mentally handicapped"? Then you need to rush right on down and go to work for Microsoft- you'll fit right in...
        xplorer1959
    • they fixing their products

      For the decades they had "fixing" these holes, Microsoft would have instead completely redesigned and rewritten Windows.

      The problem with Windows is that both the design and the implementation are bad.
      danbi