If you use IE, or MS Office on Windows *or* Mac, get your patches now! • Graham Cluley

Microsoft has released its regular monthly bundle of security fixes, known as “Patch Tuesday”. This time it doesn’t just mean security patches for vulnerabilities in software running on the Windows platform – Mac users could be at risk too.

As described in Microsoft’s security bulletin summary for June 2013, the most serious issues – rated “Critical” by the company – affect Internet Explorer, and if left unpatched could allow a remote attacker to run malicious code (such as a worm) on your computer just by you visiting a boobytrapped website.

The single MS13-047 security update for Internet Explorer addresses 19 separate vulnerabilities, affecting all supported versions of Internet Explorer from version 6 to IE 10, on all supported versions of Windows from XP to RT.

Meanwhile, another bulletin – MS13-051 – tackles vulnerabilities in Microsoft Office 2003 Service Pack 3 *and* Office 2011 for Mac that could infect your computer if you open a malformed DOC file.

Sign up to our free newsletter.
Security news, advice, and tips.

Woah! Back up a bit there.

Does a bug existing in a relatively old version of MS Office for Windows and a relatively *new* version of MS Office for Mac tell us that the company is treating its Mac users as second class citizens? How come Mac users have – seemingly – been living with a vulnerability for so long in their software, while Windows counterparts who have been regularly ugrading their Office installations have avoided the risk?

If I were a Mac user, I would feel a little less confident about the security of Microsoft products this morning.

As always, you should read the security bulletins and apply them across your business, as appropriate, in a timely fashion. If you’re a home user, or responsible for the security of your work computer, chances are that your best course of action is to install the patches as quickly as possible – before malicious hackers take advantage of the security holes.

Oh, and did you notice? There was no fix in this month’s bundle for the zero-day vulnerability in Microsoft’s software controversially made public by Google security engineer Tavis Ormandy.

Seems we’ll have to wait a little longer for Patch Tavis Day. Hold your breath that no bad guys exploit *that* flaw before Microsoft manages to put together a fix.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley • @gcluley

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.