With this month’s Microsoft Patch Tuesday update, we see a set of seven updates, four of which are marked as “Critical,” addressing serious problems that could enable someone to access your computer if they are not patched. The remaining three are rated as “Important,” and, while they aren’t as serious as the critical patches, they do address security issues that need to be fixed. Most of the seven patches affect Microsoft Office, with only two impacting Windows.
One of the biggest issues for this Patch Tuesday release relates to the critical update for Internet Explorer (MS13-021), which resolves nine serious vulnerabilities. These vulnerabilities and the subsequent Microsoft Update affect Internet Explorer versions 6, 7, 8, 9 across Microsoft’s XP, Vista, Windows 7, and Windows 8 and Windows 8 RT. Interestingly, and probably relevant for some enterprises, is that this patch does not affect IE10 on Windows 7 (with SP1). Neither does this update affect Windows Server 2008 and Server 2012.
On a more interesting but slightly less important note, the Microsoft update to Adobe Flash is more of a policy change than a response to a direct vulnerability. In the past (last week), Microsoft maintained a curated list (or White List) of websites containing Adobe Flash content that appeared to work well with Microsoft browsers. This was probably a sensible approach a few years ago, when the number of Flash sites that misbehaved was quite high, and subsequently caused a number of issues on modern browsers. Now, with this update, Flash is enabled by default, and the Microsoft Compatibility View (CV) list is a “Black List” that blocks known Flash sites and content with compatibility or performance issues. Rob Mauceri, Group Program Manager for Internet Explorer says in the IE Blog,
“Looking at our engineering experience with Flash and Windows 8 and RT, as developers improve their Flash content, the vast majority of sites with Flash content that we have tested are now compatible with the Windows experience goals. Of the thousands of domains tested for Flash compatibility to date, we have found fewer than 4 percent are still incompatible, in the most part because the core site experience requires other ActiveX controls in addition to Flash.”
This is a big change and is sure to be seen as a competitive advantage for Microsoft on their tablet platforms, when compared with the lack of Flash support on Apple’s iPad.
The Dell Patch Impact team has found that a significant number of applications in our test application portfolio for two patches in this Microsoft Update (MS13-023 and MS13-025) either contain or have direct dependencies on components changed in these two updates. As far as the impact of these warnings, it is likely that internally developed (or Line of Business) applications need to be tested prior to the release of these updates.
Of the seven patches, two "require a restart to load correctly,” three "may require a restart," and two do not need a restart. So, it’s probably best to assume that all require a restart to be installed correctly.
Details of the four “Critical” updates include:
Details of the three “Important” updates include: