Microsoft Patch Tuesday – March 2013

After having quite a busy patch Tuesday last month, and seeing a lot of browser updates in the last week this month’s Microsoft Patch Tuesday is pretty usual.

We have a few critical Remote Code Execution vulnerabilities being patched in IE with exploit for CVE-2013-1288 being publicly available.

One interesting update is MS13-027 which fixes a vulnerability in the USB Driver. This vulnerability enables anyone with the ability to get a malicious USB plugged in to the system to execute arbitrary code as kernel. This attack vector has been seen to be exploited in the past, specially for targeted attacks. I would like to take this opportunity to emphasize the importance of user education on this and other safe practices.

So there you have it, a pretty short entry for patch Tuesday, until next time,have a safe time, and remember it’s not a good idea to plug in untrusted USB drives into your system, and if somebody from the audience (a fan?) asks you for a copy of your presentation at a conference and hands you a USB, thank her for her interest and let her download your slides from your or conference’s website.

Share this Article:
Zubair Ashraf

X-Force Security Researcher, IBM Security

Zubair Ashraf is a security researcher and team lead for IBM X-Force Advanced Research. He is very passionate about fighting all malicious activities in cyber space (aka cyber-crime/ attacks, or APT etc.). Currently he contributes to this via several means, and to share a few, he is actively and passionately: Educating and training others via his Twitter, blogging or presenting at security events; Analyzing Exploitation Techniques, Malware and Vulnerabilities and advising the IBM Security System's product development teams on prevention and detection strategies. His twitter account (@zashraf1337) has been listed among security researchers that will blow your mind and recommended on Metasploit's blog as among those to be followed if you like vulnerability research and/or exploit development.