Microsoft Patch Tuesday: 11 Fixes, One Gap

Microsoft’s latest Patch Tuesday security update fixes 11 serious flaws, but the company has been criticised for leaving a one-week-old flaw that is being exploited in the wild.

The patche bundle fixes several new flaws (called “zero days” in the business), including one flaw that escaped November’s Patch Tuesday bundle, which allowed attackers to hit Microsoft Word users, with boobytrapped documents containing TIFF image files.

Flaws face a fix

Microsoft’s Patch Tuesday fixes, issued on the second Tuesday of the month, attempt to block all the most significant threats to software including Windows, Office and Internet Explorer. This time round, fixes include the TIFF vulnerability, as well as fixes for flaws in Lync, Exchange, Windows and Microsoft Developer Tools.

As always, a recently -notified flaw has slipped through the net. Dustin Childs, of Microsoft’s Trustworthy Security Group admitted that a security flaw affecting Windows XP and Windows Server 2003, known as CVE-2013-5065, is not yet patched.

This bug lets attackers with valid login credentials for these older Microsoft operating systems elevate their privileges.  Childs promises a fix soon, and Microsoft has offered a list of suggested workarounds to the problem.

Lets hope at-risk computer users don’t have to wait until 2014 for a fix for that serious problem,” commented security expert Graham Cluley.

Are you a security expert? Try our quiz!