Security Advisor

Microsoft Will Finish 2013 with 5 'Critical' Fixes

Microsoft's December patch will also arrive with 6 "important" bulletin items.

Microsoft's December Security Update will be arriving on Dec. 10 with five bulletins rated "critical" and six "important" items, according to the Security Bulletin Advance Notification, released today.

The five critical items all address remote code execution flaws in Windows, Office, Lync and Exchange. While details on the bulletins are purposely held back by Microsoft until the patch is released, it's safe to assume that the item connected to the Internet Explorer flaw will be IT's first priority on Tuesday, as flaws associated with Web browsers tend to be the easiest to exploit by attackers.

As for the six important bulletins, they will address flaws in Microsoft Server Software, Windows Microsoft Developer Tools and a security feature bypass issue in Office

Tyler Reguly, technical manager of security research and development at security firm Tripwire, said that even though that last item is not rated critical, it will be worth keeping an eye out for.

"We've got an Office patch that's listed as a security feature bypass," said Reguly. "These issues are usually pretty interesting, so I'll be excited to see what this update is fixing and how it can be leveraged by an attacker."

We'll have to wait until Tuesday to see how interesting it turns out to be.

Microsoft's TIFF graphics flaw, first disclosed at the beginning of November, will once again miss an official release. However, keeping Adobe Reader up to date should make it a non-issue.

Look for Microsoft's December Security Update to arrive around 10 a.m.PST on Tuesday.

About the Author

Chris Paoli is the site producer for and


  • Microsoft and SAP Enhance Partnership with Teams Integration

    Microsoft and SAP this week described continuing partnership efforts on Microsoft Azure, while also planning a Microsoft Teams integration with SAP's enterprise resource planning product and other solutions.

  • Blue Squares Graphic

    Microsoft Previews Azure IoT Edge for Linux on Windows

    Microsoft announced a preview of Azure IoT Edge for Linux on Windows, which lets organizations tap Linux virtual machine processes that also work with Windows- and Azure-based processes and services.

  • How To Automate Tasks in Azure SQL Database

    Knowing how to automate tasks in the cloud will make you a more productive DBA. Here are the key concepts to understand about cloud scripting and a rundown of the best tools for automating code in Azure.

  • Microsoft Open License To End Next Year for Government and Education Groups

    Microsoft's "Open License program" will end on Jan. 1, 2022, and not just for commercial customers, but also for government, education and nonprofit organizations.

comments powered by Disqus