Serious Security Patch for Windows
Microsoft has recently released an extensive patch for the world’s most popular operating system. The massive patch was intended to fix vulnerabilities that have been discovered in the Windows operating system that still powers almost 80% of the World’s computers.
The update patch contained twelve bulletins that covered 57 exploits found in almost every version of Windows. The largest number of users (almost 50%) appears to be using Windows 7, which was released in 2009.
Fortunately, only 5 bulletins were considered vital, and the remainders were considered as important. The patch release comes in the midst of other security-related concerns.
There are several current security concerns with major applications, including updates on Flash from Adobe, and continuing issues with Java and the Shockwave player.
Analysts and security experts advise that the patches should be applied to Flash and Internet Explorer as soon as possible as the vulnerabilities involve remote execution that can pose very serious threats.
The two most important updates are the ones related to IE and to the Windows kernel.
The Explorer update takes care of 13 bugs, 12 of which are flaws in remote execution where attackers can execute drive-by-downloads. The second update MS13-010 closes an exploit in the Vector Markup Language ( VML ). Security experts also state that there are other ways that the vulnerability can be exploited.
The situation has been deemed serious but not dire as the Vector Markup has been patched before, in both 2007 and in 2011, but there appears to be no easy way to mitigate or reduce the risks, and issuing patches now become the top priority.
Other Issues with Windows
Issues in all versions of Windows, including the XP and RT versions have been addressed in the latest update. The Windows XP update (bulletin MS13-020) resolved an issue that involved the automation of Windows Object Linking and Embedding ( OLE ). Microsoft has said that the vulnerability would allow attackers to operate your computer remotely, when a special Rich text file was opened.
The patch becomes a high priority for users of the XP version, which is scheduled to be phased-out in April of 2014.
There are also some flaws discovered in Microsoft Exchange Server that are more related to Oracle’s Outside In technology, where opening malicious documents in Outlook Web Access, can cause the mail server to become infected.
Experts are predicting that trend of vulnerabilities in 3rd party applications, may continue to affect the operation of widely-used Microsoft applications.
An additional bulletin involving media decompression, could allow remote code to be executed, if a specially generated media file, such as an .mpg, or a Microsoft Office document, such as a PowerPoint document is opened. The code may also be remotely executed when specially generated streaming content is received and transformed with a codec that is popular in Asian countries.
Microsoft advises all users of Windows products to install the patches as soon as possible.