IE8 security bulletin (MS13-038) is one of 10 that Microsoft released Tuesday as part of its “Patch Tuesday” release of bug fixes and security bulletins. Microsoft marked MS13-038 as critical and the company, along with other security firms, are advising those still running IE8 to apply the fix immediately. Using an altered Labor Department Web page, attackers used this vulnerability in an attempt to install malicious code on any visitor’s machine running IE8.
The other critical bulletin, MS13-037, also affects Internet Explorer and it resolves 11 issues that made it easy to inject malicious code into the browser from a specially crafted Web page, allowing the user to take control of a computer. The update covers the PWN2Own vulnerability, unearthed earlier this year.
If you are running Windows Server 2012 then take an immediate look at MS MS13-039. This update fixes a vulnerability in the Microsoft Web IIS (Internet Information Services) that could be used in a Denial of Service (DoS) attack, through the use of an HTTP packet. Because it would be relatively simple to craft an attack using this vulnerability, organizations should apply this update as soon as possible, according to Tripwire.
