“It fixes critical vulnerabilities that could be used for machine takeover in all versions of Internet Explorer from 6 to 10, on all platforms including Windows 8 and Windows RT,” says Qualys CTO Wolfgang Kandek.
It affects Silverlight whether deployed on Windows or Mac OS X operating systems, where it is used to run media applications such as Netflix, Kandek says.
“It is puzzling to see such a high rating for this software that typically requires opening of an infected file in order for the attack to work. It will be interesting to see the attack vector for this vulnerability that warrants the ‘critical’ rating,” he says.
Three of the bulletins are rated important and include two that could allow data to leak and one that could allow attackers to elevate privileges on an exploited machine. Important bulletins include vulnerabilities that could lead to compromised confidentiality, integrity or availability of user data, or of the integrity or availability of processing resources, Microsoft says.
Link: http://www.arnnet.com.au/article/455814/microsoft_patch_tuesday_targets_internet_explorer_drive-by_attacks/