Microsoft released eight patches on Tuesday which fixes 19 different vulnerabilities in Microsoft software in Internet Explorer, Hyper-V, the Graphics Device Interface, Microsoft Office and others. FireEye which found the zero-day vulnerability in Internet Explorer during the weekend has also been fixed.
Experts mentioned that the most important patches during the release are the Internet Explorer patch [MS13-088], GDI [MS13-089] and the zero-day issue in ActiveX control which caused problems to several versions of Internet Explorer [Ms13-090].
Microsoft security experts had a busy week after FireEye, a security firm disclosed about the serious threats in Internet Explorer and also they had knowledge that the ActiveX Control Patch [MS13-090] would fix the flaw in InformationCardSignInhelper. making use of the bug, Hackers used a watering-hole-style attack and the exploit code appeared on text-sharing site Pastebin making the flaw a serious threat.
Two bugs that disclosed information and eight issues that caused memory corruption was also fixed by a patch [MS13-088]. These flaws were exploited by attackers in such away that made users view a page to create a drive-by-download attack, said Maiffret.
experts termed the patch “straightfowward” as the fixes were more focused towards Internet Explorer, Windows and Office components. “There was nothing esoteric or difficult to patch,” said Barrett.
Wolfgang Kandek, CTO of Qualys said, “Overall, while it is only a medium-sized patch Tuesday, pay special attention to the two 0-days and Internet explorer update. Bowsers continue to be the favorite target for attackers and Internet Explorer, with its leading market share is one of the most visible and likely targets.”