Category Archives: Windows

Patch Tuesday for June 2013

This month there are five bulletins, addressing 23 vulnerabilities in Windows, Office and Internet Explorer. Only one (MS13-047, affecting Internet Explorer) is marked as Critical.

The bulletin summary has all the technical details.

Related links:
Improved cryptography infrastructure and the June 2013 bulletins
SANS: Microsoft June 2013 Black Tuesday Overview

Infoworld proposes a design for the next version of Windows

It seems clear that Microsoft isn’t going to fix Windows 8 with Windows 8.1. The changes in 8.1 are trivial and do not address the major concerns about Windows 8.

Infoworld has a solution: a new design for the next version of Windows, code-named Windows Red. This is a serious re-thinking of the design choices made by Microsoft and an attempt to rectify Windows 8’s problems.

All of Infoworld’s changes make sense to me. It would be wonderful if Microsoft paid attention to this design and actually used some or all of it. But knowing Microsoft, they’ll ignore it completely.

Infoworld also posted a useful follow-up with additional details on Windows Red.

Windows 8.1: Start button is back, but useless

Microsoft heard the complaints, and is bringing the Start button back in Windows 8.1. The problem? They heard, but they didn’t listen.

The Start button itself isn’t really all that useful. What’s useful about the Start button in previous versions of Windows is what happens when you click it: a menu appears. Of course, that menu has been criticized for years, but it’s still the only practical way to see a list of what’s possible on your computer.

With Windows 8.1, Microsoft has brought back the Start button, but pressing it just takes the user to the new Start screen (the one with the tiles). Useless. Apparently the Start screen has an “All apps” section that can be configured to look somewhat similar to a traditional menu, but this menu would be incomplete at best.

In public discussion on this subject, Microsoft spends a lot of time talking about branding, desktop wallpaper on the Start screen, and the ability to boot to the desktop. They also apparently realized that on a computer with no menu, searching is the only way to find anything, so search has been ‘improved’ to Windows 7 functionality.

On the positive side, it will once again be possible to have more than one program or window visible on the screen simultaneously, although that feature will also be limited.

Here’s a roundup of related articles from around the web:

Update 2012Jun03: Peter Bright over at Ars Technica also noticed that the Start menu won’t be back in Windows 8.1, although I disagree with his conclusions.

Microsoft confirms name and price for next version of Windows

After much speculation, Microsoft has finally announced a name for the next version of Windows: Windows 8.1. Up until now, the working name for the new version was Windows Blue.

Anyone currently using Windows 8 will be able to install the new version as an update for free. This sounds a lot like what Microsoft used to call a Service Pack. Well, whatever they want to call it, as long as it’s free, I’m all for it.

The new version is expected to bring back some aspects of the Start button, the Start menu and the traditional desktop, but the details remain unclear.

Patch Tuesday for May 2013

This month’s updates include fixes for vulnerabilities in Windows, Internet Explorer, .NET and Office. The main bulletin has all the technical details, and the Microsoft Security Response Center has a more reader-friendly summary, entitled “Microsoft Customer Protections for May 2013”.

The expected patch for the recently discovered vulnerabilities in Internet Explorer 8 is included in this month’s patches as MS13-038. According to Microsoft, you can install this patch whether or not you previously installed the emergency “Fix-It” released by Microsoft.

Advance notification for May 2013 Patch Tuesday

As usual, Microsoft has issued an advance notification for this month’s Patch Tuesday. The updates will become available on Tuesday, May 14 at about 10am PST.

There are ten bulletins this month, two of them flagged Critical. In total, 34 vulnerabilities in Windows, Office, Internet Explorer, .NET and server software will be addressed.

Update 2013May11: The upcoming patches will include a fix for the recently discovered Internet Explorer 8 vulnerability.

Internet Explorer 8 vulnerable to new web-based attack

Update 2013May09: Microsoft has issued a ‘Fix-It’ for this problem. This is a temporary, band-aid solution to the problem. It will be superseded by an actual patch at some point. The original bulletin about this issue has been updated to include information about the ‘Fix-It’.

Microsoft recently announced a new attack, targeted at a specific version of Internet Explorer, being exploited in the wild. More details are provided in the associated security advisory from Microsoft.

Only Internet Explorer version 8 is vulnerable to this attack, which begins when someone using IE8 is tricked into visiting a compromised web site. Once infected, the user’s computer can be remotely controlled by the attacker.

Anyone using Internet Explorer 8 is strongly urged to upgrade to IE9, or – if using Windows 7 or 8 – to IE10. If upgrading Internet Explorer is not an option, you can reduce the risk of infection by increasing the level of protection provided by the browser, as follows:

Set Internet and local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones. This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones. This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
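
To check whether a machine already has either workaround in place, the per-user zone settings can be read from the registry. The following PowerShell is an added example, not part of the original post or of Microsoft's advisory; the function names are hypothetical, and it assumes the standard Internet Settings zone keys (zone 1 = Local intranet, zone 3 = Internet; URL action 1400 = Active Scripting).

```powershell
# Added example: audit the two IE zones named in the workaround (per-user settings).
# Settings pushed by Group Policy live under separate policy keys and take
# precedence; this script does not read them.
$zoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones    = @{ 1 = 'Local intranet'; 3 = 'Internet' }

# URL action 1400 (Active Scripting): 0 = enable, 1 = prompt, 3 = disable.
$scriptingStates = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$highLevel       = 0x12000   # CurrentLevel value of the "High" template

function Get-IEZoneHardening {
    foreach ($id in ($zones.Keys | Sort-Object)) {
        $props  = Get-ItemProperty -Path (Join-Path $zoneRoot $id) -ErrorAction SilentlyContinue
        $level  = if ($props) { $props.CurrentLevel } else { $null }
        $action = if ($props) { $props.'1400' }       else { $null }

        $state = 'Unknown'
        if ($null -ne $action -and $scriptingStates.ContainsKey([int]$action)) {
            $state = $scriptingStates[[int]$action]
        }

        [pscustomobject]@{
            Zone            = $zones[$id]
            IsHigh          = ($level -eq $highLevel)
            ActiveScripting = $state
            # Either workaround counts: zone at High, or scripting set to prompt/disable.
            MeetsWorkaround = ($level -eq $highLevel) -or ($action -in 1, 3)
        }
    }
}

function Set-IEActiveScripting {
    [CmdletBinding(SupportsShouldProcess)]
    param([ValidateSet(1, 3)][int]$Value = 1)   # 1 = prompt, 3 = disable

    foreach ($id in $zones.Keys) {
        $key = Join-Path $zoneRoot $id
        if ($PSCmdlet.ShouldProcess($key, "Set Active Scripting (1400) to $Value")) {
            Set-ItemProperty -Path $key -Name '1400' -Value $Value -Type DWord
        }
    }
}

Get-IEZoneHardening | Format-Table -AutoSize
```

Run `Set-IEActiveScripting -WhatIf` first to see which keys would change, and revert the setting once the real patch is installed.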

Ars Technica has additional details.

Problematic update re-issued by Microsoft

Microsoft today released a new version of the update that caused so many problems this past Patch Tuesday, MS13-036.

The new version is KB2840149, and it replaces the update originally associated with MS13-036, KB2823324.

The new update will be installed automatically on computers with auto-update enabled. Anyone using manual updates should install the new version by visiting the Windows Update site or the KB2840149 page.