Patch Tuesday June 2013 – Office, Windows and Flash

Patch Tuesday It’s the second Tuesday in June and as promised Microsoft and Adobe have delivered the latest fixes for their wares.

I see a lot of websites comparing the urgency of applying fixes based upon the number of bulletins Microsoft releases each month.

There is some truth to that, if more products have flaws you are likely to be at higher risk, but truthfully what is more important is the likelihood of those flaws being exploited and how widely deployed the vulnerable products are.

Which makes this month’s fixes very important.

ImportantUpdates170MS13-047 fixes eighteen flaws in Internet Explorer versions 6 through 10. Nearly every one of those vulnerabilities has a tag “Exploit code likely” next to it.

You know what that means… Apply the fixes now. Without a doubt this is the most important update from Microsoft this month.

MS13-048, MS13-049 and MS130-050 are all rated important and affect Windows itself. All were privately disclosed, but could result in information disclosure or denial of service.

You should have time to thoroughly test these, but you should still apply them as soon as you are able.

The last, MS13-051 is a flaw in Office 2003 for Windows and Office 2011 for Mac that can result in remote code execution (RCE) if the user opens a properly booby-trapped document.

This flaw has been used in targeted attacks according to Microsoft, so even though it is only marked important you should apply it right away if you run the affected versions.

Last week Duck speculated that Microsoft might release a fix for the Tavis Ormandy zero day vulnerability.

shutterstock_ShhhSecret170Considering all the vulnerabilities this month were privately reported to Microsoft we can rule that out. Hopefully Microsoft will be able to get us a fix for this in July’s update.

Administrators should see the latest Microsoft fixes in their WSUS consoles now. End users can get the latest updates for Windows from

Adobe also released a fix for Adobe Flash Player today. APSB13-16 fixes a single remote code execution vulnerability reported to Adobe by the Google Security Team.

Users of Adobe Flash can get the latest release at

Photo of men Shhhhing courtesy of Shutterstock.