As promised last week, Microsoft has released 10 new security bulletins day that fix 33 issues for various versions of its software products. The bulletins are part of the company"s regular monthly "Patch Tuesday" event.
A post on Microsoft"s security blog states that one of the bulletins, MS13-038, provides a permanent fix for Internet Explorer 8. The company first reported the "zero day" exploit in IE8 earlier this month, stating that it could be used by hackers to launch a "remote code execution if users browse to a malicious website with an affected browser." The issue was reportedly used by some hackers in attacks directed against the U.S. Department of Labor and U.S. Department of Energy before the patch was released.
The blog post also reveals that the security bulletin labeled as "Critical", MS13-037, fixes a different but similar exploit in all versions of IE in all supported SKUs of Windows. Microsoft added, "These issues were privately disclosed and we have not detected any attacks or customer impact."
Yet another bulletin, MS13-039, is meant just for Windows 8 and Windows Server 2012 users. Microsoft says the patch fixes a problem in those operating systems "that could allow denial of service if an attacker sends a specially crafted HTTP packet to an affected Windows server or client." Microsoft claims not to have received any outside reports of this exploit being used in the wild.
Source: Microsoft