April's Patch Tuesday to fix two critical flaws in Windows, IE

Microsoft will later on this month fix nine flaws in total, including two critical vulnerabilities in Internet Explorer and all versions of Windows.
Written by Zack Whittaker, Contributor

In this month's roundup of security flaws, Microsoft said it will patch nine vulnerabilities in total, two of them rated "critical."

Screen Shot 2013-04-05 at 08.40.25

As usual, little information is provided about the flaws to ensure attackers can't exploit the flaws in advance of the upcoming release. But in today's advanced security bulletin, the software giant warns of flaws in both Windows, Internet Explorer, Microsoft Office and some of its server software.

The first critical flaw affects all versions of Internet Explorer, including: Internet Explorer 6, 7 and 8 on Windows XP; Internet Explorer 7, 8 and 9 on Windows Vista; and Internet Explorer 8, 9 and 10 in Windows 7. It also affects Internet Explorer 10 on Windows 8 and Windows RT-based tablets.

The vulnerability will fix a flaw that allows a drive-by attack, which hackers can exploit to attack machines running the software using malware-laden websites.

The second critical update affects Windows XP (Service Pack 3), Windows Vista (Service Pack 2) and Windows 7 — but not Windows 8 or Windows RT-based devices, such as Surface tablets. The patch will fix a flaw that allows an attacker to elevate privileges, such as from the more secure "user" to "administrator" privileges, opening up the core system files to attack and thus a greater scope for malware injection.

It's likely that, in line with previous months, Microsoft may also dish out a number of non-security related fixes to its Surface Pro and Surface RT tablets.

Any machines at home or at work with these affected systems will be patched in just under a week when Microsoft releases the software patches and fixes.

The software fixes will be released on April 9 through the usual update channels, such as Windows and Microsoft Update.

Editorial standards