April 2013 Patch Tuesday Includes Fix for Critical IE Issues
For this month’s patch Tuesday, Microsoft released security updated to resolve nine bulletins, including a bulletin for two critical issues found in all versions of Internet Explorer on all supported versions of Windows (which includes Windows 8 and Windows RT).
These issues received a critical severity rating, which means IT or security administrators should consider this bulletin high-priority. These issues affect all versions of Internet Explorer, from IE 6 to 10. If successfully exploited, these vulnerabilities could permit a possible attacker to execute a malware once user visits certain malicious website via Internet Explorer (or what we call drive-by downloads or attacks). The other IE issue may allow a successful attacker to gain the same rights or privileges that an affected user has. Fortunately, this may have less impact if victim has no administrator privileges.
The other critical bulletin addresses an privately disclosed vulnerability in Windows Remote Desktop. Like the IE bulletin, this issue may allow a remote malicious user to execute malicious code onto the vulnerable system.
Besides this month’s roster of security updates, Microsoft announced another major reminder, specifically its plan to stop supporting Windows XP and Office 2003 by April 8, 2014. Thus, we might be seeing less and less of updates for the platform until this deadline. To prevent any possible problems, Microsoft is encouraging its customers, who are still using Windows XP, to upgrade to a “more modern platform” such as Windows 7 and 8 the soonest possible.
Trend Micro Deep Security and OfficeScan with Intrusion Defense Firewall (IDF) plugin users are protected from any attacks that may leverage these vulnerabilities. For more information on the bulletins and corresponding Trend Micro solutions, visit the Threat Encyclopedia Page.