Microsoft Security Updates – April 2013
Corporate and home users should ensure their systems are up-to-date
QUOTE: The highest priority bulletin this month is the update for Internet Explorer (MS13-028), which fixes a use-after-free issue in all supported versions of the Web browser from IE 6 to IE 10, which if exploited, can result in remote code execution. The bulletin also addressed a defense in depth issue that relies on users having Java 6.0 or older installed. “Given the number of issues Java’s had lately, hopefully no one is still running old versions of Java,” Henry warned.
The second priority should be the patch for the Remote Desktop Client software’s ActiveX control, (MS13-029), which affects all Windows versions and “is not the type of issue we typically see in Windows RDP,” Henry said. Security experts also flagged a few other “important” bulletins for special attention this month. The denial of service bug in Active Directory (MS13-032) should be “high on the list for enterprise installations,” Kandek said. Attackers could send a malicious LDAP query triggering the vulnerability, which would exhaust the system’s memory and cause a denial of service.