Microsoft Patch Tuesday – March 2013
After having quite a busy patch Tuesday last month, and seeing a lot of browser updates in the last week this month’s Microsoft Patch Tuesday is pretty usual.
We have a few critical Remote Code Execution vulnerabilities being patched in IE with exploit for CVE-2013-1288 being publicly available.
One interesting update is MS13-027 which fixes a vulnerability in the USB Driver. This vulnerability enables anyone with the ability to get a malicious USB plugged in to the system to execute arbitrary code as kernel. This attack vector has been seen to be exploited in the past, specially for targeted attacks. I would like to take this opportunity to emphasize the importance of user education on this and other safe practices.
So there you have it, a pretty short entry for patch Tuesday, until next time,have a safe time, and remember it’s not a good idea to plug in untrusted USB drives into your system, and if somebody from the audience (a fan?) asks you for a copy of your presentation at a conference and hands you a USB, thank her for her interest and let her download your slides from your or conference’s website.