Patch Tuesday June 2013 - Office, Windows and Flash

Filed Under: Adobe, Adobe Flash, Denial of Service, Featured, Internet Explorer, Microsoft, Vulnerability, Windows

Patch Tuesday It's the second Tuesday in June and as promised Microsoft and Adobe have delivered the latest fixes for their wares.

I see a lot of websites comparing the urgency of applying fixes based upon the number of bulletins Microsoft releases each month.

There is some truth to that, if more products have flaws you are likely to be at higher risk, but truthfully what is more important is the likelihood of those flaws being exploited and how widely deployed the vulnerable products are.

Which makes this month's fixes very important.

ImportantUpdates170MS13-047 fixes eighteen flaws in Internet Explorer versions 6 through 10. Nearly every one of those vulnerabilities has a tag "Exploit code likely" next to it.

You know what that means... Apply the fixes now. Without a doubt this is the most important update from Microsoft this month.

MS13-048, MS13-049 and MS130-050 are all rated important and affect Windows itself. All were privately disclosed, but could result in information disclosure or denial of service.

You should have time to thoroughly test these, but you should still apply them as soon as you are able.

The last, MS13-051 is a flaw in Office 2003 for Windows and Office 2011 for Mac that can result in remote code execution (RCE) if the user opens a properly booby-trapped document.

This flaw has been used in targeted attacks according to Microsoft, so even though it is only marked important you should apply it right away if you run the affected versions.

Last week Duck speculated that Microsoft might release a fix for the Tavis Ormandy zero day vulnerability.

shutterstock_ShhhSecret170Considering all the vulnerabilities this month were privately reported to Microsoft we can rule that out. Hopefully Microsoft will be able to get us a fix for this in July's update.

Administrators should see the latest Microsoft fixes in their WSUS consoles now. End users can get the latest updates for Windows from https://update.microsoft.com.

Adobe also released a fix for Adobe Flash Player today. APSB13-16 fixes a single remote code execution vulnerability reported to Adobe by the Google Security Team.

Users of Adobe Flash can get the latest release at http://get.adobe.com/flashplayer.

Photo of men Shhhhing courtesy of Shutterstock.

, , , ,

You might like

One Response to Patch Tuesday June 2013 - Office, Windows and Flash

  1. john · 311 days ago

    is this the reason why myself and 2 friends have the blue screen of death that cannot be undone today ?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.