Microsoft’s latest Patch Tuesday security update fixes 11 serious flaws, but the company has been criticised for leaving a one-week-old flaw that is being exploited in the wild.
The patche bundle fixes several new flaws (called “zero days” in the business), including one flaw that escaped November’s Patch Tuesday bundle, which allowed attackers to hit Microsoft Word users, with boobytrapped documents containing TIFF image files.
Microsoft’s Patch Tuesday fixes, issued on the second Tuesday of the month, attempt to block all the most significant threats to software including Windows, Office and Internet Explorer. This time round, fixes include the TIFF vulnerability, as well as fixes for flaws in Lync, Exchange, Windows and Microsoft Developer Tools.
As always, a recently -notified flaw has slipped through the net. Dustin Childs, of Microsoft’s Trustworthy Security Group admitted that a security flaw affecting Windows XP and Windows Server 2003, known as CVE-2013-5065, is not yet patched.
This bug lets attackers with valid login credentials for these older Microsoft operating systems elevate their privileges. Childs promises a fix soon, and Microsoft has offered a list of suggested workarounds to the problem.
Lets hope at-risk computer users don’t have to wait until 2014 for a fix for that serious problem,” commented security expert Graham Cluley.
Are you a security expert? Try our quiz!
Backlash begins. Multiple reactions to the plan by Meta and Mark Zuckerberg to drop its…
Indonesian government minister confirms that despite Apple planning production facility, it still cannot sell its…
Sister of OpenAI CEO Sam Altman, files lawsuit against him and alleges he sexually abused…
US Army special forces soldier Matthew Alan Livelsberger used ChatGPT to work out explosives needed…
More funding for AI startup Anthropic, after report that Amazon is to pump in additional…
Mark Zuckerberg continues to 'adjust' to the new political reality in US – announces axing…