Microsoft Patch Tuesday Includes 'Critical' IE8 Fix

Dennis Faas's picture

Microsoft is fixing more than thirty security vulnerabilities with its May 2013 Patch Tuesday security update package. All in all, this Patch Tuesday includes ten security updates, two of which have been marked 'critical'.

The most significant of Microsoft's fixes addresses a zero-day bug that could allow hackers to exploit a security vulnerability in the firm's Internet Explorer 8 web browser.

The flaw has been used by cyber criminals to attack United States government websites and steal information related to government employees. Most recently, the vulnerability was exploited by hackers targeting U.S. Department of Labor workers.

Hackers Growing Comfortable with Exploit

Late last week it became known that other organizations, including an unnamed European defense and aerospace contractor, had seen their websites targeted by hackers using the same exploit.

This means cyber crooks are becoming familiar with the vulnerability and more confident in exploiting it.

These assaults are popularly known as "watering hole" attacks because the exploits are found on websites known to be frequented by those who are targeted. (Source: computerworld.com)

Security expert Andrew Storms says he's not shocked there was an Internet Explorer fix this Patch Tuesday, but did indicate he was a little surprised to see Microsoft offering a patch for this particular IE8 issue.

"IE is always critical, and we expected at least one update this month," Storms said. "What was surprising was the IE8 fix." (Source: pcworld.com)

What's surprising? Microsoft's quick turnaround on this one.

"That's a lot of work in just a week," said Storms. "I thought they wouldn't get this out until the end of next week."

Hacker Contest Exposes New Vulnerabilities

Not much is known about the second 'critical' security update, though insiders speculate it could address flaws revealed during last month's Pwn2Own hacking contest.

"The Pwn2Own fixes have got to be in there, come on now," Storms insisted.

This Patch Tuesday also offers 'important' security updates for Windows 8, Windows RT, and the Office business suite.

Rate this article: 
No votes yet