For this month’s Patch Tuesday Microsoft released 12 bulletins of which five were rated as Critical and seven as Important updates, addressing a total of 57 vulnerabilities across Internet Explorer, .NET Framework, Office, Windows and Exchange Server.
For those who need to prioritize deployments, there are 3 security bulletins that will need to be addressed right away.
MS13-009 addresses 13 issues across all supported versions of Internet Explorer and MS13-010 addresses issues in the Vector Markup Language (VML) which is used by all versions of Internet Explorer. Both of these issues could allow Remote Code Execution if a user viewed a specially crafted webpage using Internet Explorer.
MS13-020 affecting Windows XP resolves an issue in Microsoft Windows Object Linking and Embedding (OLE) Automation which could allow Remote Code Execution if a user opens a malicious RTF file with an embedded ActiveX control in either Word or WordPad.
In addition to the above mentioned bulletins, for the second time in less than a week, both Microsoft and Adobe released Critical-class bulletins (KB2805940 and APSB13-05) to update Flash Players. These updates address at least 16 distinct vulnerabilities including buffer overflow and use-after-free vulnerabilities that could lead to Code Execution.
All the above mentioned bulletins are now available for deployment via VMware vCenter Configuration Manager (VCM).
Sr. Member of Technical Staff, VMware Center for Policy & Compliance