Microsoft’s April Patch Tuesday update, delivers fixes for 14 CVEs spread across nine security bulletins.
Though Microsoft is patching a good number of flaws, it is not patching vulnerabilities that were publicly demonstrated at the Pwn2Own 2013 event in March.
Though Microsoft is not patching for the Pwn2Own flaws, it is providing a critical patch for a pair of other flaws in IE. The MS13-028 bulletin details two flaws that both employ use-after-free vulnerabilities. In a use-after-free vulnerability, allocated memory can potentially be used by an attacker to execute malicious code.
The Google Security Team reported both of the use-after-free flaws to Microsoft. Google is no stranger to use-after-free flaws and frequently patches them in its own Chrome browser.
Read the full story at eSecurity Planet:
Microsoft Skips Pwn2Own IE Flaws in April Patch Tuesday
Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.