Better late than never -- Microsoft to fix Pwn2Own flaw
Patch Tuesday approaches quickly. That time of the month when Microsoft deems it appropriate to fix the myriad security flaws that rear their ugly heads during the preceding time frame. As is custom, the company gives advance notice of what to expect, but no details regarding actual flaws -- a nod to not allowing (more) hackers to take advantage of the issues discovered.
May 14th is the next scheduled update of your Windows computer, and it will carry along 10 bulletins with it. A couple of these patch much publicized holes in Internet Explorer, one of which the company just released a "Fix it" tool designed to temporarily mend.
Another mends the highly publicized Pwn2Own flaw discovered and exploited at the CanSecWest conference back in March. For the record, Chrome and Firefox also went down in the competition.
The remaining critical patches will fix a denial of service hole within Windows, fix a spoofing issue in that as well as the .NET framework, patch a remote code execution bug in Lync, two remote code execution flaws and one information disclosure problem in Office, an information disclosure vulnerability in Windows Essentials, and an elevation of privilege defect in Windows. Take a deep breath now.
Microsoft also plans to host a webcast to address customer questions on the security bulletins on May 15, 2013, at 11:00 AM Pacific Time. While all of these updates are important -- critical one might say -- the fact it took this long to fix the pwn2own flaw is a bit troubling -- Chrome and Firefox did so within days of the competition.
Photo Credit: Kheng Guan Toh/Shutterstock