Microsoft tackles Windows 8 security flaw with latest Patch Tuesday

Microsoft has released details of April's Patch Tuesday update, with critical vulnerabilities in Windows and Internet Explorer being addressed.

In total there are nine bulletins this month, with two being rated critical.

The first of these is a remote code execution vulnerability, meaning attackers could potentially hijack a system if a user visits an infected website. It affects all versions of Internet Explorer, from IE6 right up to IE10, the newest version. This means Windows 8 and RT are impacted by the update, as are older Windows versions such as XP and Vista.

This update fixes a vulnerability that exists across lots of different versions of IE and Windows, so security experts are warning IT admins to push out this update as soon as possible. Wolfgang Kandek, CTO at Qualys, said the update should be “on the top of your patching efforts”.

The second big update this month affects all versions of the Windows operating system, except Windows 8, RT and Server 2012. However, as many businesses are yet to upgrade to the newest versions this update will still have a big impact across the enterprise world. Like the first patch, it also concerns a remote code execution vulnerability.

The remaining patches are all rated as important. Interestingly one of these fixes a flaw in Windows Defender, Microsoft's anti-spyware program that was upgraded to be an anti-virus package for Windows 8 and RT.

Wolfgang Kandek added that IT admins should not solely concentrate on Microsoft updates this month, as an equally important one from Oracle is on the way.

“Please keep also in mind that Oracle has scheduled an extra release for Java this month,” he wrote. Normally Java is on a four-month release cycle: February, June and October of each year. Due to the amount and severity of recent vulnerabilities discovered, there will be an additional release that will go live on 16th April.”

Sign up to our newsletters