All the latest UK technology news, reviews and analysis

Microsoft Patch Tuesday brings critical fixes for IE and the Remote Desktop Client

10 Apr 2013
Microsoft logo at its Redmond headquarters

This month's edition of Microsoft's Patch Tuesday brings two critical patches for Internet Explorer and the remote desktop client.

One patch covers a remote code execution issue found inside Internet Explorer versions six through 10. Another patch this month includes a bug fix for Microsoft's remote desktop client running on Windows XP to Windows 7.

"For the April patches, your first priority is MS13-028, which is a use-after-free issue in all versions of IE," said security and forensic analyst at Lumension, Paul Henry.

"This is one of the few bulletins this month that has a critical impact on the current code, hitting Windows 8, Windows RT and Windows 7 with a critical remote code execution issue."

Henry said that much of this month's patches cover legacy code. He believes that if a firm is currently running the latest software, its IT department shouldn't have a terribly difficult time making patches.

"Most of the impact is on the legacy code base, rather than the current code that has been impacted more than usual over the last few months," continued Henry.

"If your system is running the latest and greatest versions of software - as you should always do, since newest is usually the most secure - then you should be minimally impacted this month."

Another critical patch this month is MS13-029. The fix corrects a remote code execution issue found inside Microsoft's remote desktop client running on Windows XP, Windows Vista, and Windows 7.

"Attackers can exploit this vulnerability by luring victims to attacker-controlled websites hosting malicious ActiveX controls," said BeyondTrust chief technology officer Marc Maiffret.

"When viewed, the vulnerability would be exploited, granting attackers the ability to execute arbitrary code in the context of the user. Therefore, it is very important to get this patch rolled out as soon as possible."

Along with the critical patches, Microsoft also released seven important fixes. Non-critical patches for this month aim to correct issues found within software such as Sharepoint Servers 2013, Windows Defender, and Windows component CSRSS.

This month's Patch Tuesday offering comes following the announcement of three Adobe patches for April. The Adobe patches address flaws from ColdFusion, Flash and Shockwave software.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
James Dohnert

James is a freelance writer and editor. In addition to ClickZ, his work has appeared in publications like V3, The Commonwealth Club,, and Shonen Jump magazine. He studied Journalism at Weber State University.

More on Security
What do you think?
blog comments powered by Disqus

Devices at work poll

Which device do you use most for work?

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

C# Developer / .Net Consultant - £38k

C# Developer/.Net Consultant - £35k + car allowance...

Infrastructure & Network Analyst

Infrastructure & Network Analyst Solihull (and...

Business Intelligence Analyst

Citywire is a global publishing company with offices...

CRM System Officers

At the University of Derby, people are at the heart of...
To send to more than one email address, simply separate each address with a comma.