Microsoft rolled out this month’s Patch Tuesday updates, and the company has posted 7 bulletins designed to fix 20 different vulnerabilities in software like Windows, Office, Internet Explorer, Silverlight and Server Tools.
The company explained all the different issues in a blog post on TechNet:
“The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same rights as the current owner. All but one of these issues were privately disclosed and we have not detected any attacks or customer impact for any of the issues.”
The Internet Explorer bulletin carries a codename MS13-021 and is said to fix 9 issues in Microsoft’s premier web browser. The Silverlight update is labeled MS13-022 and it takes care of a bug that could allow an attacker to take control of an unpatched system with the help of a compromised website.
Microsoft said that the issue was privately reported, and no instance of exploitation has been confirmed.
A USB vulnerability exploit also got fixed, where by an attacker could execute malicious code on a system simply by plugging in a USB device — even with the computer locked or no user logged in.
This fix is aimed at all versions of Windows, from Windows XP, to Vista, 7, 8, RT and Server.
Four of the updates come with a critical tag, and the remaining three are labeled as important. As always these are being delivered through the integrated Windows Update and set to be automatically deployed on all vulnerable systems.