Microsoft has released an advance notification of 9 security bulletins that it plans to release on April 9, 2013. In a table, it has listed the latest security bulletins in terms of severity of the vulnerability.
Of the 9 security bulletins that it plans to release on April 9, Microsoft has rated the vulnerability of 2 as critical and that of the remaining 7 as Important. The critical vulnerabilities, i.e. Bulletin 1 and 2, pertain to remote code execution issues. The Bulletin 1 vulnerability affects Microsoft Windows and Internet Explorer while the Bulletin 2 vulnerability affects Microsoft Windows. The remaining 7 vulnerabilities, rated as Important, pertain to issues affecting Microsoft Office, Microsoft Server Software and Microsoft Windows.
Early last month, Microsoft posted an advance notification on its Security TechCenter. The security bulletins addressed issues (severities ranging from Critical to Important) affecting a host of the company's software. The Redmond giant planned to release seven security bulletins for Windows and some programs, starting March 12.
The first bulletin was to address a remote code execution vulnerability affecting Windows and Internet Explorer. The advance notification rated this vulnerability as critical and one that requires a restart. The second bulletin addressed a remote code execution vulnerability affecting Microsoft Silverlight. This vulnerability was also rated critical, but does not require a restart. The third bulletin addressed a remote code execution vulnerability affecting Office and was rated as critical in terms of severity. The fourth security bulletin addressed a critical elevation of privilege vulnerability affecting both the Office and Server suites. The fifth and sixth security bulletins addressed an information disclosure vulnerability affecting Microsoft Office and were rated as Important. The last bulletin again addressed an elevation of privilege vulnerability affecting Windows.
The security bulletin patches 9 vulnerabilities
Microsoft also listed security updates that users may need to install. It suggested that users should look up each program to check for any relevant security updates pertaining to that installation. Microsoft has also listed the severity rating of each security update. Its security patches are largely for Windows and its components, the Office suites, developer tools and software, and Sharepoint. Users can catch the details of all the security updates Microsoft listed the details of all the security updates on the Security TechCenter.
Earlier this year, Microsoft released an emergency update for Internet Explorer after all the commotion about the security holes in Java. The update aimed to patch a security vulnerability in Internet Explorer that is being used for attacks on government contractors and other organisations.
The update will be automatically installed on infected machines that have automatic updates enabled and fixes a "use after free" bug in Internet Explorer 6, 7 and 8, according to Ars Technica. The update was pushed out to counter an experienced gang of hackers who were exploiting the vulnerability.
The update for IE came on the heels of another update that fixed a remote code execution loophole in the same versions of Internet Explorer. Microsoft had affirmed that it has added a link to the Microsoft Fix it solution, "MSHTML Shim Workaround", that prevents this issue from being exploited.
What was worrying about the vulnerability was that once the attacker managed to successfully crack the vulnerability, they could obtain the same user rights as the current user. "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights," Microsoft's security advisory revealed.