Patch Tuesday: seven fixes to kick off the New Year

 

Gallery

By Barry Collins

Posted on 4 Jan 2013 at 16:42

Microsoft is giving no respite to system admins at the start of 2013 with no fewer than seven bulletins in the first monthly batch of patches.

There are two critical and five important patches in January's batch, but there's no fix for the Internet Explorer bug discovered at the tail-end of 2012 that leaves older versions of Microsoft's browser vulnerable to remote code execution.

Microsoft, it appears, hasn't had sufficient time to code and test the patch for Internet Explorer 6, 7 and 8, but said in last week's security update that it would consider a one-off update to address the flaw.

The two critical bugs that are being fixed this month also deal with remote code execution flaws that affect various versions of Windows, including XP, Vista, Windows 7 and Windows 8. Microsoft Office and Microsoft Developer Tools are also targeted by the second of the critical flaws.

Three of the important flaws deal with elevation of privilege issues in various versions of Windows and Windows Server.

The other two tackle security bypass and denial of service flaws in Windows and the .NET framework.

Full details of all the patches can be found in the Microsoft Security Bulletin.