Windows updates are falling into an all too predictable pattern: critical fixes for Internet Explorer and Adobe Flash, a couple of kernel patches, and numerous .NET Framework updates.
This Patch Tuesday also includes various critical patches for Windows media components and Windows Defender.
Starting with the usual subjects — IE and Flash
It just wouldn’t be a Patch Tuesday without another batch of Internet Explorer fixes. Patching 17 newly reported vulnerabilities, KB 2846071 is rated critical for IE Versions 6 through 10.
As I’ve said numerous times before, you must keep IE updated, even if you typically use another browser. Internet Explorer isn’t just a browser; it’s a key part of the Windows operating system.
Keeping Adobe Flash updated is almost as critical as keeping IE current. Adobe’s Patch Tuesday release is Flash 11.8.800.94, as noted in Security bulletin APSB13-17.
What to do: There are already reports of attacks on IE 8, and it’s expected that more will follow soon. Install KB 2846071 (MS13-055) immediately. Then head over to Adobe’s download site and pick up the latest Flash. (Before clicking that “Download now” button, uncheck those potentially unwanted free software offers.)
A kernel fix for a TrueType Font handling
KB 2850851 is another Windows kernel-mode driver update. But though it’s rated critical, I’m giving my usual recommendation to not install it for at least a couple of weeks. Kernel updates occasionally have conflicts with third-party apps — especially, it seems, antivirus products. Before you add the patch, ensure your AV apps are fully up to date.