Scary flaw makes your USB ports a major security risk - murphycattat

It's the ordinal Tuesday in March, which means that it's also the third Patch Tuesday of 2022. Microsoft released seven untried security department bulletins nowadays, with tetrad rated atomic number 3 "critical," but security experts are particularly concerned astir a blemish rated as merely "important" that exposes your Windows PCs to major danger.

Wolfgang Kandek, CTO of Qualys, notes in a blog put up that the amoun of security bulletins is all but equation for the course for Microsoft. Atomic number 2 adds, "In technical terms though we are sightedness some gripping vulnerabilities that definitely pace higher-than-average."

For starters, in that respect is a cumulative security update for Explorer (MS13-021). It addresses cardinal separate vulnerabilities, one of which has had tap code circulating in the wild for the past month. Kandek urges IT admins to put on this update every bit soon as possible.

"Every supported version of Internet Explorer (6 through 10) is affected, frankincense implicitly qualification every last based Windows platforms (including Windows RT) a butt for attackers," points out BeyondTrust CTO Marc Maiffret.

An moderate thumb drive could be a serious PC menace.

According to Paul Henry, security and forensic analyst at Lumension, the second priority should be MS13-022—a "appraising" security bulletin that deals with a remote code execution vulnerability in Silverlight 5. Simply browsing to a website with leering content with a vulnerable version of Silverlight is every last it takes to become a dupe of this attack.

Possibly the most interesting of the seven security bulletins, though, is MS13-027. Microsoft only rates it as "important" because the lash out requires physical access to the vulnerable machine. Saint Andrew Storms, director of security department operations for nCircle (presently in the process of being acquired by Tripwire), explains that this flaw allows anyone with a USB thumb drive affluent with the attack code to bypass security controls and admittance a vulnerable system evening if AutoRun is disabled, and the sort is locked.

A new version of Flash player addresses Little Jo critical vulnerabilities.

Storms cautions, "Just imagine what a properly impelled janitorial staff could coiffure with this vulnerability in just one evening. This exposure also seriously impacts security connected all those public kiosks and conscientious objector-fix centers that Don't have locked cabinets. The latent for harm with this vulnerability can't be overstated."

Security experts agree that MS13-021, MS13-022, and MS13-027 pose a very serious threat and should be self-addressed immediately. As with any Patch Tuesday, you should review all of the security system bulletins to determine the potential bear upon to your systems, and prioritise the patches accordingly.

While you're at it, Adobe has free a new version of their Flash player, which addresses four critical vulnerabilities. Build sure you take a look at that and update Flash player as soon as possible as well.