Microsoft releases 13 security bulletins in latest Patch Tuesday

Patch now or be vulnerable as hackers get to work on coding exploits

Microsoft has released a total of 13 security bulletins in its latest slew of Patch Tuesday updates.

The good news is that there are no obvious exploits or vulnerabilities in the wild at this stage, according to security company Shavlik. Product manager Chris Goettl suggests that this month is much like previous months, including a lot of updates, but nothing targeting widely publicised critical vulnerabilities.

"March Patch Tuesday has a great deal of updates, but no public disclosures or exploited vulnerabilities as yet. Let's start with what we know for sure: Microsoft has released 13 bulletins, five of which are 'critical' and eight 'important'. With these bulletins, Microsoft is resolving 39 vulnerabilities this month," said Goettl.

"On the non-Microsoft front, Adobe is releasing two bulletins, rated as Priority 2 and 3, that resolve four vulnerabilities. Additionally, Mozilla Firefox 45 has been released and is rated 'critical' as it resolves 22 vulnerabilities."

Goettl is not the only one quick off the mark with advice. Qualys CTO Wolfgang Kandek said in a blog post that Apple joins the party with a fix for the Transmission bug, and that Microsoft and Adobe are providing fixes for (yet more) PDF flaws.

Although there are no exploits for these security flaws currently known about in the wild, they will inevitably come soon.

"Apple has a first this month. The popular bit-torrent client Transmission was Trojaned with a ransomware version. Fortunately, it was available for download for less than 12 hours and Apple quickly revoked its signing certificate and updated the signatures in xprotect. Nevertheless, check for Transmission 2.90 in your network and isolate it if found," said Kandek.

"That's it for March. No zero-days or immediately exploitable vulnerabilities this month, but apply these patches as quickly as possible anyway. We have seen attackers convert vulnerabilities into exploits quickly, particularly on Adobe Flash."

Adobe has issued a new version of Acrobat Reader with three critical fixes, which Kandek reckons you should consider a priority.

To hear more about security challenges, the threats they pose and how to combat them, sign up for Computing's Enterprise Security and Risk Management conference, taking place in November. Attendance is free for qualifying end-users, so sign-up early.