News Stay informed about the latest enterprise technology news and product updates.

March 2013 Patch Tuesday brings Internet Explorer 8, 'evil maid' fixes

March's Patch Tuesday updates contain fixes for Internet Explorer 8 and a USB drive exploit. Plus, the company released non-security updates.

Admins will focus their attention to workstations, as Microsoft patched nine Internet Explorer vulnerabilities and three USB driver vulnerabilities in this month's Patch Tuesday update.

With four bulletins rated critical and three rated important, March's patches fall short of the near record-breaking number of patches seen in February.

The most urgent Internet Explorer (IE) vulnerabilities that need to be addressed affect IE 8.

The updates are "very critical for those who use IE 8. It's still an important patch, but you don't have to rush it out [if you're using a newer IE version]," said Wolfgang Kandek, CTO at Qualys, an IT security firm based in Redwood Shores, California.

A USB driver-related patch is also worth attention, Kandek said.

If an attacker has physical access to a workstation that is powered on, the machine could be compromised with an exploit on a USB thumb drive.

Though the bulletin is only rated important, Kandek said this is one to watch. There are numerous opportunities when an attacker could gain access. This type of approach is dubbed the "evil maid" attack where machines left in hotel rooms would be attacked, Kandek said.

Silverlight, Microsoft's interactive media plugin, received a critical patch, which repairs a vulnerability that could allow an attacker to remotely take over a machine.

In Microsoft Office, Visio, OneNote and SharePoint all received patches.

A full list of bulletins can be found from Microsoft. 

Non-security updates

Microsoft also released a number of non-security updates on Tuesday, squashing a number software bugs.

A cumulative update is available for Windows Server 2012 and Windows 8. It fixes issues with potential Group Policy Object errors, reliability improvements when using USB 3.0 devices and Wi-Fi performance on Windows 8 devices.

An update rollup for Windows 7 and Windows Server 2012 SP1 is available, containing 90 hotfixes since the release of the first service packs for both operating systems. Another update for Windows Server 2008 R2 fixes an issue with Active Directory and PowerShell.

Windows Defender for Windows 8 received an update, adding new anti-malware functionality and overall performance fixes.

Microsoft delivered Windows 8 and Windows Server 2012 application compatibility updates, which add support for devices. The company also added a compatibility update for Windows 8 and Windows Server 2012's legacy upgrade experience.

Internet Explorer 10 on Windows 8 and Windows RT now supports all Flash content, as opposed to a Microsoft-controlled whitelist.

Dig Deeper on Windows Server troubleshooting

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

So far IE 7 not affected No patches avail