Security experts weigh in on Patch Tuesday priorities



It's the sixth Patch Tuesday of 2013. As Patch Tuesdays go, June is relatively light, with only five security bulletins and only one rated Critical, but that is no reason to let down your guard. The average number of security bulletins for the first five months of 2013 was nine. A paltry five security bulletins for June is only about half what IT administrators have come to expect, so it is good to get a bit of a breather. One security bulletin is a cumulative update for Internet Explorer; the other four are rated Important and still deserve urgent attention.


Lamar Bailey, director of security research for Tripwire, acknowledges that a monthly Internet Explorer update has become the norm. Bailey points out that it is still a bit unusual for an IE update to resolve 19 individual vulnerabilities, and proclaims that "it's just a matter of time before one of them gets exploited." Qualys CTO Wolfgang Kandek agrees. Kandek stresses in a blog post that the flaws addressed in MS13-047 affect all supported versions of Internet Explorer from IE6 to IE10, running on all supported versions of Windows from XP to RT. "Given the large number of vulnerabilities fixed, this will be a prime target for hackers to reverse engineer and construct an exploit that can be delivered via a malicious Web page."


Most security experts agree that MS13-047 should be your highest priority and that you should apply the update at the earliest opportunity. There are some who believe that MS13-050 is more relevant, though. Ross Barrett, senior manager of security at Rapid7, believes that the first priority should be MS13-051, the security bulletin that addresses vulnerabilities in Office 2003 and Office for Mac 2011.


According to Barrett, "This problem is seeing limited, targeted exploitation in the wild, and the only reason Microsoft did not mark it as 'Critical' is based on a limited number of affected platforms." Barrett also stresses that exploitation of this issue requires the user to interact with the malicious document. Tyler Reguly, technical manager of security research at Tripwire, laments, "It's disappointing to see that Mac users of Microsoft software get the short end of the stick when it comes to security. You have to wonder how a vulnerability that affects only Office 2003 is in Office for Mac 2011," adding, "As a Mac user, I find that very disconcerting in this release."


Adobe also joins the party today with the release of a new version of Flash. This update resolves a security vulnerability discovered by Google. Users of Chrome and Internet Explorer 10 will get the update automatically through their browser's own updates. As always, all five Microsoft security bulletins and the Adobe update must be considered, and you must determine the priority based on the products and services your systems use and the possible impact of an exploit.

