First Patch Tuesday of 2013: Microsoft Security Updates

On Tuesday, January 8, 2013, Microsoft plans to issue seven security bulletins to address a total of 12 vulnerabilities. Two of the bulletins are rated critical; the flaws they address could be exploited to allow remote code execution. The other five are rated important; the vulnerabilities they fix could be exploited to elevate privileges, bypass a security feature, or create denial-of-service conditions.

Affected software:

•    Windows
•    Microsoft Office
•    Microsoft Developer Tools
•    Microsoft Server Software
•    Microsoft .NET Framework

Security updates are available from the Windows Update tool, the Windows Server Update Services or the Download Center. MIT WAUS subscribers will receive the updates as they are tested and released.

Last week Microsoft released a temporary fix for an Internet Explorer (IE) flaw that is being actively exploited in targeted attacks. The vulnerability affects IE 6,7, and 8, but not newer versions of the browser. Microsoft has issued an advisory about the issue and says it is “working around the clock” on a patch for the flaw (but it does not appear to be included in this month’s scheduled patch release).


About MIT
IT Security Awareness Consultant and Communications Specialist at MIT

Comments are closed.

%d bloggers like this: