Categories: SecurityWorkspace

Christmas Patch Tuesday Brings Scary Gifts

Microsoft has delivered a notable package of security fixes in its final Patch Tuesday of the year, covering a variety of operating systems and add-ons.

Seven bulletins were released by Microsoft, with five ranked as critical and two as important. In total, they deal with 12 vulnerabilities, covering a range of Remote Code Execution (RCE) flaws in popular software.

One of those RCE flaws is resident in Internet Explorer, thanks to a memory corruption bug, whilst another lies in Microsoft Word, which results from the way in which the program parses RTF files. For the latter, experts believe exploit code will be made public soon, so teams should get patching.

Patch Tuesday dangers

“An attacker can gain control of a computer without end user interaction because Microsoft Outlook automatically displays the malicious text in the Preview Pane,” warned Wolfgang Kandek, chief technology officer at Qualys.

As part of its security updates, Microsoft has also pushed out a new version of Flash in Internet Explorer 10, addressing three critical vulnerabilities. Adobe has put out its own patch too.

Security professionals have noted the decline in vulnerabilities addressed by Microsoft this year, which is being seen as a positive reflection on secure code, rather than a sign that Patch Tuesday isn’t as effective as it was. The graph below shows the significant drop in 2012 over the two previous years.

Microsoft pushed out 83 bulletins this year, down from 100 in 2011. “Maybe even more important than the raw numbers is the more regular release rhythm that Microsoft set this year. We see this as a clear sign of a more mature process,” Kandek added.

How well do you know Internet security? Try our quiz

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

5 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

8 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

9 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

10 hours ago