Microsoft has just released this month’s Patch Tuesday updates, two of which are flagged as Critical. These updates fixes a total of 23 vulnerabilities in Windows, Internet Explorer and Silverlight.
Coincidentally, the total number of bulletins this month also comes in at 23.
Speaking of Critical updates, you might want to prioritize the deployment of MS14-012 and MS14-014, both of which take care of important vulnerabilities in Internet Explorer and Silverlight — including a zero-day flaw in the browser.
As the company notes in the security advisory published today, the Silverlight security vulnerability was privately reported, so no attacks have been recorded so far that make use of this exploit.
The Internet Explorer flaw was not, however, and some attacks have indeed been spotted, but Microsoft says that these were only against computers running Internet Explorer 10. This means that Windows 7 and Windows 8 should deploy this fix as soon as possible:
“These issues could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. We are aware of targeted attacks using CVE-2014-0322 against Internet Explorer 10. This issue was first described in Security Advisory 2934088, which included a Fix it for the issue.”
An update for Adobe Flash Player is also in the mix that can allow attackers to access user data.
All these updates are being delivered using the integrated Windows Update feature of the operating system, so no user interaction is necessary. A reboot is usually required to complete the installation of updates marked Critical, however.