SOFTWARE PATCH HOUSE Microsoft has released its February Patch Tuesday, which exposes multiple security holes in Internet Explorer.
The patch was rolled out Tuesday containing nine bulletins fixing 21 vulnerabilities. While the patch was quite large, a lot of the bulletins turned out to be not as bad as expected, but Internet Explorer is of the most concern.
Wolfgang Kandek, CTO of security firm Qualys highlighted that bulletin two, rated critical, fixes a total of four vulnerabilities in Internet Explorer. These could be used to allow remote code execution in the latest versions of Internet Explorer.
Microsoft said, "An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user."
"Last month we saw how quickly attackers could react to new vulnerabilities when exploits for MS12-004 appeared within two weeks of its release on attack sites. So while none of the vulnerabilities in MS12-010 were publicly known, you should install this fix as quickly as possible," said Kandek.
MS12-013 is another bulletin rated critical and applies to a DLL exploit in Windows that an attacker could exploit with a specially crafted Windows Media File. Kandek said this should be a high priority.
"It turns out that this February Patch Tuesday is lighter than we had anticipated. Some of the nine bulletins should be less worrisome to IT admins," he added.
He pointed out that four of the bulletins, all rated important, aren't big issues. Bulletin nine, which relates to Microsoft Office, applies to the rare Visio viewer program. Bulletins seven and eight relate to DLL preloading weaknesses in the Indeo Codec and the Colour Control Panel, both of which should have been fixed by a work-around released in June 2010. µ