June Patch Tuesday Fixes 'Downright Scary' IE Flaw
June Patch Tuesday Fixes 'Downright Scary' IE Flaw
Submitted by Dennis Faas on Mon, 06/10/2013 - 08:00
Microsoft's June 2013 Patch Tuesday security update includes a fix for an Internet Explorer flaw that could allow hackers to remotely take control of a system.
The update, which will arrive tomorrow, addresses a serious vulnerability affecting versions 6, 7, 8, 9, and 10 of Microsoft's Internet Explorer web browser.
Internet Explorer Vulnerability "Downright Scary"
"This one would make it easy to remotely gain access to someone's machine via a malicious webpage," noted CORE Security development manager, Ken Pickering. "Bulletin One is downright scary."
To exploit the flaw, hackers would have to convince a victim to visit a website infected with some kind of malware. Paul Henry, a security researcher at Lumension, says this kind of tactic is becoming increasingly popular with cybercriminals.
"Many of the successful hacks we've seen lately have been through phishing attacks," Henry said. (Source: pcworld.com)
The security bulletin addressing the Internet Explorer flaw is the only one marked 'critical,' Microsoft's highest security rating. If the one 'critical' update wasn't so serious, this would be considered a relatively 'light' Patch Tuesday affair.
The remaining security bulletins being released this Patch Tuesday are marked 'important', meaning the associated flaws could be used by hackers to steal data.
Affected Microsoft programs include Office 2003 and the latest version of Office for Mac. (Source: zdnet.com)
However, security experts say exploiting these vulnerabilities wouldn't be easy for hackers to do.
"Since this is listed as only 'important,' there are likely significant hurdles to exploitation," noted Rapid7 senior manager, Ross Barrett. (Source: pcworld.com)
Fewer Security Bulletins Released in 2013
Overall, this Patch Tuesday includes the fewest security bulletins we've seen in a single month during calendar 2013. In total, Microsoft has released eight fewer security bulletins than it had at this point last year -- a positive sign.
However, it is worth noting that the number of 'critical' security bulletins released in 2013, 16, is the same number released by this point in 2012.
Rate this article:
Need Help? Ask!
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.