Categories: SecurityWorkspace

Christmas Patch Tuesday Brings Scary Gifts

Microsoft has delivered a notable package of security fixes in its final Patch Tuesday of the year, covering a variety of operating systems and add-ons.

Seven bulletins were released by Microsoft, with five ranked as critical and two as important. In total, they deal with 12 vulnerabilities, covering a range of Remote Code Execution (RCE) flaws in popular software.

One of those RCE flaws is resident in Internet Explorer, thanks to a memory corruption bug, whilst another lies in Microsoft Word, which results from the way in which the program parses RTF files. For the latter, experts believe exploit code will be made public soon, so teams should get patching.

Patch Tuesday dangers

“An attacker can gain control of a computer without end user interaction because Microsoft Outlook automatically displays the malicious text in the Preview Pane,” warned Wolfgang Kandek, chief technology officer at Qualys.

As part of its security updates, Microsoft has also pushed out a new version of Flash in Internet Explorer 10, addressing three critical vulnerabilities. Adobe has put out its own patch too.

Security professionals have noted the decline in vulnerabilities addressed by Microsoft this year, which is being seen as a positive reflection on secure code, rather than a sign that Patch Tuesday isn’t as effective as it was. The graph below shows the significant drop in 2012 over the two previous years.

Microsoft pushed out 83 bulletins this year, down from 100 in 2011. “Maybe even more important than the raw numbers is the more regular release rhythm that Microsoft set this year. We see this as a clear sign of a more mature process,” Kandek added.

How well do you know Internet security? Try our quiz

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

24 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago