System administrators overseeing Microsoft Exchange deployments should take a close look at Microsoft's latest round of security patches. In addition to covering Windows and Internet Explorer, Microsoft's latest monthly batch of patches covers the widely used Exchange Server, both the Exchange Server 2007 and Exchange Server 2010 editions.
"Microsoft delivered a monster sized patch this month ... It's enough to make your head spin," wrote Andrew Storms, director of security operations for security firm nCircle, in an email.
Overall, Microsoft has issued 12 security updates, covering 57 vulnerabilities, one of the largest sets of security updates the company has ever released.
Microsoft tagged five of the 12 updates as critical, and labelled the remaining seven as important.
NCircle advises that organizations apply the two critical Internet Explorer patches first. "Both of these remote execution bugs are serious security risks, so patch all of them and patch them fast," Storms wrote. The two critical patches cover versions 6 through 10 of the browser.
"Both bulletins fix 'drive-by bugs' that only require the victim to browse a website to become infected with malicious code," Storms wrote.
Microsoft Security Bulletin MS13-010 describes a vulnerability in Internet Explorer's implementation of the Vector Markup Language (VML) that could allow for remote code execution. This vulnerability has already been used in one attack, and more attacks are expected within the next 30 days, according to Microsoft.
Also directed at Internet Explorer, MS13-009 describes 13 different vulnerabilities that are grouped together in one update because they are found in overlapping sections of the browser's code base. Microsoft expects these vulnerabilities to be exploited within the next 30 days as well.
"If you only have time to do the absolute minimum, you should patch Internet Explorer and Flash immediately," Storms wrote.