Security Advisor

Microsoft Will Finish 2013 with 5 'Critical' Fixes

Microsoft's December patch will also arrive with 6 "important" bulletin items.

Microsoft's December Security Update will be arriving on Dec. 10 with five bulletins rated "critical" and six "important" items, according to the Security Bulletin Advance Notification, released today.

The five critical items all address remote code execution flaws in Windows, Office, Lync and Exchange. While details on the bulletins are purposely held back by Microsoft until the patch is released, it's safe to assume that the item connected to the Internet Explorer flaw will be IT's first priority on Tuesday, as flaws associated with Web browsers tend to be the easiest to exploit by attackers.

As for the six important bulletins, they will address flaws in Microsoft Server Software, Windows Microsoft Developer Tools and a security feature bypass issue in Office

Tyler Reguly, technical manager of security research and development at security firm Tripwire, said that even though that last item is not rated critical, it will be worth keeping an eye out for.

"We've got an Office patch that's listed as a security feature bypass," said Reguly. "These issues are usually pretty interesting, so I'll be excited to see what this update is fixing and how it can be leveraged by an attacker."

We'll have to wait until Tuesday to see how interesting it turns out to be.

Microsoft's TIFF graphics flaw, first disclosed at the beginning of November, will once again miss an official release. However, keeping Adobe Reader up to date should make it a non-issue.

Look for Microsoft's December Security Update to arrive around 10 a.m.PST on Tuesday.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.


comments powered by Disqus

Subscribe on YouTube