June Patch Tuesday Fixes 'Downright Scary' IE Flaw

Dennis Faas's picture

Microsoft's June 2013 Patch Tuesday security update includes a fix for an Internet Explorer flaw that could allow hackers to remotely take control of a system.

The update, which will arrive tomorrow, addresses a serious vulnerability affecting versions 6, 7, 8, 9, and 10 of Microsoft's Internet Explorer web browser.

Internet Explorer Vulnerability "Downright Scary"

"This one would make it easy to remotely gain access to someone's machine via a malicious webpage," noted CORE Security development manager, Ken Pickering. "Bulletin One is downright scary."

To exploit the flaw, hackers would have to convince a victim to visit a website infected with some kind of malware. Paul Henry, a security researcher at Lumension, says this kind of tactic is becoming increasingly popular with cybercriminals.

"Many of the successful hacks we've seen lately have been through phishing attacks," Henry said. (Source: pcworld.com)

The security bulletin addressing the Internet Explorer flaw is the only one marked 'critical,' Microsoft's highest security rating. If that one 'critical' update weren't so serious, this would be considered a relatively 'light' Patch Tuesday.

The remaining security bulletins being released this Patch Tuesday are marked 'important', meaning the associated flaws could be used by hackers to steal data.

Affected Microsoft programs include Office 2003 and the latest version of Office for Mac. (Source: zdnet.com)

However, security experts say these vulnerabilities wouldn't be easy for hackers to exploit.

"Since this is listed as only 'important,' there are likely significant hurdles to exploitation," noted Rapid7 senior manager, Ross Barrett. (Source: pcworld.com)

Fewer Security Bulletins Released in 2013

Overall, this Patch Tuesday includes the fewest security bulletins we've seen in a single month during calendar 2013. In total, Microsoft has released eight fewer security bulletins than it had at this point last year -- a positive sign.

However, it is worth noting that the number of 'critical' security bulletins released so far in 2013 (16) is the same as the number released by this point in 2012.
