As described in Microsoft’s security bulletin summary for June 2013, the most serious issues – rated “Critical” by the company – affect Internet Explorer, and if left unpatched could allow a remote attacker to run malicious code (such as a worm) on your computer just by you visiting a boobytrapped website.
The single MS13-047 security update for Internet Explorer addresses 19 separate vulnerabilities, affecting all supported versions of Internet Explorer from version 6 to IE 10, on all supported versions of Windows from XP to RT.
Meanwhile, another bulletin – MS13-051 – tackles vulnerabilities in Microsoft Office 2003 Service Pack 3 *and* Office 2011 for Mac that could infect your computer if you open a malformed DOC file.
Woah! Back up a bit there.
Does a bug existing in a relatively old version of MS Office for Windows and a relatively *new* version of MS Office for Mac tell us that the company is treating its Mac users as second class citizens? How come Mac users have – seemingly – been living with a vulnerability for so long in their software, while Windows counterparts who have been regularly ugrading their Office installations have avoided the risk?
If I were a Mac user, I would feel a little less confident about the security of Microsoft products this morning.
As always, you should read the security bulletins and apply them across your business, as appropriate, in a timely fashion. If you’re a home user, or responsible for the security of your work computer, chances are that your best course of action is to install the patches as quickly as possible – before malicious hackers take advantage of the security holes.
Oh, and did you notice? There was no fix in this month’s bundle for the zero-day vulnerability in Microsoft’s software controversially made public by Google security engineer Tavis Ormandy.
Seems we’ll have to wait a little longer for Patch Tavis Day. Hold your breath that no bad guys exploit *that* flaw before Microsoft manages to put together a fix.