- V3 Apps
This month's edition of Microsoft's Patch Tuesday brings two critical patches for Internet Explorer and the remote desktop client.
One patch covers a remote code execution issue found inside Internet Explorer versions six through 10. Another patch this month includes a bug fix for Microsoft's remote desktop client running on Windows XP to Windows 7.
"For the April patches, your first priority is MS13-028, which is a use-after-free issue in all versions of IE," said security and forensic analyst at Lumension, Paul Henry.
"This is one of the few bulletins this month that has a critical impact on the current code, hitting Windows 8, Windows RT and Windows 7 with a critical remote code execution issue."
Henry said that much of this month's patches cover legacy code. He believes that if a firm is currently running the latest software, its IT department shouldn't have a terribly difficult time making patches.
"Most of the impact is on the legacy code base, rather than the current code that has been impacted more than usual over the last few months," continued Henry.
"If your system is running the latest and greatest versions of software - as you should always do, since newest is usually the most secure - then you should be minimally impacted this month."
Another critical patch this month is MS13-029. The fix corrects a remote code execution issue found inside Microsoft's remote desktop client running on Windows XP, Windows Vista, and Windows 7.
"Attackers can exploit this vulnerability by luring victims to attacker-controlled websites hosting malicious ActiveX controls," said BeyondTrust chief technology officer Marc Maiffret.
"When viewed, the vulnerability would be exploited, granting attackers the ability to execute arbitrary code in the context of the user. Therefore, it is very important to get this patch rolled out as soon as possible."
Along with the critical patches, Microsoft also released seven important fixes. Non-critical patches for this month aim to correct issues found within software such as Sharepoint Servers 2013, Windows Defender, and Windows component CSRSS.