News

March 2013 Patch Tuesday brings Internet Explorer 8, 'evil maid' fixes

Jeremy Stanley

Admins will focus their attention to workstations, as Microsoft patched nine Internet Explorer vulnerabilities and three USB driver vulnerabilities in this month's Patch Tuesday update.

With four bulletins rated critical and three rated important, March's patches fall short of the near record-breaking number of patches

    Requires Free Membership to View

seen in February.

The most urgent Internet Explorer (IE) vulnerabilities that need to be addressed affect IE 8.

The updates are "very critical for those who use IE 8. It's still an important patch, but you don't have to rush it out [if you're using a newer IE version]," said Wolfgang Kandek, CTO at Qualys, an IT security firm based in Redwood Shores, California.

A USB driver-related patch is also worth attention, Kandek said.

If an attacker has physical access to a workstation that is powered on, the machine could be compromised with an exploit on a USB thumb drive.

Though the bulletin is only rated important, Kandek said this is one to watch. There are numerous opportunities when an attacker could gain access. This type of approach is dubbed the "evil maid" attack where machines left in hotel rooms would be attacked, Kandek said.

Silverlight, Microsoft's interactive media plugin, received a critical patch, which repairs a vulnerability that could allow an attacker to remotely take over a machine.

In Microsoft Office, Visio, OneNote and SharePoint all received patches.

A full list of bulletins can be found from Microsoft. 

Non-security updates

Microsoft also released a number of non-security updates on Tuesday, squashing a number software bugs.

A cumulative update is available for Windows Server 2012 and Windows 8. It fixes issues with potential Group Policy Object errors, reliability improvements when using USB 3.0 devices and Wi-Fi performance on Windows 8 devices.

An update rollup for Windows 7 and Windows Server 2012 SP1 is available, containing 90 hotfixes since the release of the first service packs for both operating systems. Another update for Windows Server 2008 R2 fixes an issue with Active Directory and PowerShell.

Windows Defender for Windows 8 received an update, adding new anti-malware functionality and overall performance fixes.

Microsoft delivered Windows 8 and Windows Server 2012 application compatibility updates, which add support for devices. The company also added a compatibility update for Windows 8 and Windows Server 2012's legacy upgrade experience.

Internet Explorer 10 on Windows 8 and Windows RT now supports all Flash content, as opposed to a Microsoft-controlled whitelist.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: