Microsoft Addresses 57 Vul in Windows, Office, IE, and .NET Framework

Microsoft deliver updates to vulnerabilities in Internet Explorer 10 and other several other products as well as non-security updates for Windows RT.

Share online:

Patch Tuesday is February 12th, the day Microsoft releases not one or two but 12 security bulletins, addressing 57 vulnerabilities in Microsoft Windows, Office, Internet Explorer, Exchange and .NET Framework.

Out of the twelve released bulletins, "five are of critical-class and seven bulletins are of important-class."

Also, released today are some non-security updates for Surface RT and Windows RT, including a fix for the pesky Connected Standby and WiFi issues.

"Windows RT would enter Connected Standby while updates were being downloaded from Windows Update, preventing users from downloading anything from the Windows Store."

Additional Surface RT updates address performance issues with "the Windows, Volume, and Power buttons, as well as improvements for Bluetooth audio playback quality and playback when users stream videos from Windows Media Center to Xbox consoles."

Update: In a seprate blog post, Microsoft today announce that it will begin shipping 128GB SKU of Surface Pro with Windows 8 Pro later this week to retailers, "with some units available by the end of the week."

"Our priority (and that of our retail partners) is to fulfill orders from customers who made a reservation first. Canada is following a similar timeline but may take an extra few days to start arriving," the company wrote.

Microsoft also released two critically rated security bulletins for Internet Explorer 10 as well as one security advisory for the Internet Explorer.

MS13-009 resolves thirteen privately reported critical vulnerabilities in IE10, as well as other editions of IE, revolving around remote code execution when a user views a malicious website including: Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on Windows servers.

Those on Windows RT device, can head over to the Settings Charm, Change PC Settings, and check Windows Update.

MS13-010 resolves critical privately reported vulnerability in the Microsoft implementation of Vector Markup Language (VML), which could allow remote code execution if a user viewed a melicious web site on IE6, IE7, IE8, IE9, and IE 10 on all supported releases of Microsoft Windows.

And, SA 2755801 announced today revolves around the availability of Adobe Flash Player update in IE10 on Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities in Flash Player.

Finally, the company has also released Security Release ISO Image February 2013, that in addition to the standard Windows XP, Vista and 7 updates, also comes with the available Windows 8 and Windows RT fixes.

The ISO contains knowledge base articles: kb2756920, kb2778344, kb2780091, kb2789642, kb2789643, kb2789644, kb2789645, kb2789646, kb2789648, kb2789649, kb2789650, kb2790113, kb2790655, kb2790978, kb2792100, kb2797052, kb2799329, kb2799494, kb2802968

Security bulletins: MS13-004, MS13-008, MS13-009, MS13-010, MS13-011, MS13-014, MS13-015, MS13-016, MS13-017, MS13-018, MS13-019, MS13-020

Watch the bulletin overview video below for a quick summary of today's releases:

Download links:

Below is the deployment priority guidance:

Microsoft February 2013 Patch Tuesday deployment priority guidance

….and, here is the risk and impact graph shows an aggregate view of this month's severity and exploitability index:

Microsoft February 2013 severity and exploitability index of security bulletin