Microsoft rushes Explorer 8 patch release

Microsoft's Patch Tuesday for May addresses 10 security issues, three of them that need to be addressed immediately

Just 11 days after issuing an advisory, Microsoft has released a patch for a bug in Internet Explorer 8 that bedeviled the U.S. Department of Labor earlier this month.

Microsoft's speedy release of this patch "is an outstanding example of Microsoft's responsiveness to the security community and their users," wrote Andrew Storms, director of security of operations for security software provider Tripwire, in an email statement.

This IE8 security bulletin (MS13-038) is one of 10 that Microsoft released Tuesday as part of its "Patch Tuesday" release of bug fixes and security bulletins that the company routinely issues on the second Tuesday of each month.

Microsoft marked MS13-038 as critical and the company, along with other security firms, are advising those still running IE8 to apply the fix immediately. Using an altered Labor Department Web page, attackers used this vulnerability in an attempt to install malicious code on any visitor's machine running IE8. Microsoft issued a temporary fix for this vulnerability last week.

The other critical bulletin, MS13-037, also affects Internet Explorer. This update resolves 11 issues that would have made it easy to inject malicious code into the browser from a specially crafted Web page, allowing the user to take control of a computer. The update covers the PWN2Own vulnerability, unearthed earlier this year.

Those running Windows Server 2012 should take an immediate look at MS MS13-039. This update fixes a vulnerability in the Microsoft Web IIS (Internet Information Services) that could be used in a Denial of Service (DoS) attack, through the use of an HTTP packet. Because it would be relatively simple to craft an attack using this vulnerability, organizations should apply this update as soon as possible, because exploits based on this vulnerability might start appearing in as little as a few weeks, according to Tripwire.

Ross Barrett, senior manager of security engineering at the security firm Rapid7, wrote in a statement that "while DoS attacks are generally considered second (or third) tier as far as risk, this could potentially be very disruptive to an organization, since many remote services and Active Directory integrations rely on http.sys," which is the networking subsystem used by IIS.

A "successful exploit of this bug could have serious implications for public Web servers without some kind of inline [intrusion prevention system] in front of them. Essentially, any user could launch a simple attack and the server will essentially be offline," Storms noted. He also noted that any copy of Microsoft Server 2012 -- not just those functioning as Web servers -- could be running IIS, such as a server for Microsoft Exchange or SharePoint.

The seven remaining bulletins -- none critical but all deemed important -- address bugs in Microsoft's Lync, Publisher, Word, Visio, Windows Essentials, .Net, and the Windows kernel.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags patchesMicrosoftsecuritypatch managementExploits / vulnerabilities

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Joab Jackson

IDG News Service
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?