It's Patch Tuesday again, and the first one to jump on will patch the critical zero-day vulnerability in Internet Explorer that attackers have been actively exploiting in the wild since February. Today Microsoft released five security updates, two rated Critical and three rated Important. The March security bulletins address 23 Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer and Silverlight.

It’s Patch Tuesday again and MS14-012 is the first one to jump on for March 2014 in order to patch the critical zero-day vulnerability in Internet Explorer that attackers have been actively exploiting in the wild since at least last month. On Feb. 11, FireEye researchers identified a zero-day exploit in Internet Explorer 10 being used in Operation SnowMan that compromised the U.S. Veterans of Foreign Wars website. Shortly thereafter, Seculert reported that a different set of attackers used the same zero-day exploit but tweaked the credential-stealing malware to impersonate a French aerospace manufacturer.

Dustin Childs, Microsoft Trustworthy Computing group manager, wrote:

We are aware of targeted attacks using CVE-2014-0322 against Internet Explorer 10. This issue was first described in Security Advisory 2934088, which included a Fix it for the issue. We should also note that the observed attacks performed a check for the presence of the Enhanced Mitigation Experience Toolkit (EMET) and did not proceed if it was detected. This update also addresses CVE-2014-0324, which is a privately reported issue that has been seen in a very limited, targeted attack against Internet Explorer 8. Thanks to a previously released ASLR bypass update, the attack seen in the wild would not work against a fully updated system running Windows Vista and above.

“Obviously the IE update should be your highest priority,” Childs said, “but do not ignore the update eliminating a DEP and ASLR bypass as it can have a long term impact in improving your systems’ security.” Childs added, “We are also revising Security Advisory 2755801 with the latest update for Adobe Flash Player in Internet Explorer. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-08.”

The Microsoft Security Response Center advises the following deployment priority:

MS14-013 is to fix another critical remote code execution (RCE) vulnerability in Windows.

MS14-014 is rated important to resolve a flaw in Microsoft Silverlight. “The vulnerability could allow security feature bypass if an attacker hosts a website that contains specially crafted Silverlight content that is designed to exploit the vulnerability, and then convinces a user to view the website.”

MS14-015 is rated important to fix Elevation of Privilege (EoP) vulnerabilities in all supported releases of Windows. The bug “could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.”

Last to be deployed is MS14-016 to fix a vulnerability in Microsoft Windows. The vulnerability is in Security Account Manager Remote (SAMR) Protocol and “could allow security feature bypass if an attacker makes multiple attempts to match passwords to a username.” This patch corrects “the manner in which Windows validates user lockout state.”

If you are still using Windows XP, you’d be wise to make changing that a top priority. The end is near – the April 8th end of XP support, that is.
Follow me on Twitter @PrivacyFanatic