On its March Patch Tuesday, Microsoft has released 7 bulletins to close 20 security holes. Four of the updates are rated critical; they affect Windows, Internet Explorer, Silverlight (including the Windows 8 version), Office, and the Microsoft Server software. Windows 8 and Windows RT are also affected by the holes.

Microsoft recommends that the updates for Internet Explorer (MS13-021), Silverlight (MS13-022), and the Windows core (MS13-027) be given highest priority. The Windows core vulnerability is interesting because, although a successful attack requires direct physical local access, it doesn’t require anyone to be logged into the system. This allows potential attackers to connect a specially crafted USB flash drive and execute code at system privilege level almost in passing. In an expansion to its guidelines, Microsoft will, in future, rate such “drive-by” attacks at a higher severity level than attacks which require gaining physical control of a system by, for example, removing a hard disk or by booting from a different medium.

The three “important” bulletins close further holes in Windows, Office, and Microsoft’s server software. Microsoft has also made available a Flash update for Internet Explorer 10, probably to catch up with Adobe’s update. The company has provided an overview of the March patches and a table with an exploitability index, which helps with assessing the risks.

Joseph Forbes
