Security Advisor

Microsoft Will Finish 2013 with 5 'Critical' Fixes

Microsoft's December patch will also arrive with 6 "important" bulletin items.

Microsoft's December Security Update will be arriving on Dec. 10 with five bulletins rated "critical" and six "important" items, according to the Security Bulletin Advance Notification, released today.

The five critical items all address remote code execution flaws in Windows, Office, Lync and Exchange. While details on the bulletins are purposely held back by Microsoft until the patch is released, it's safe to assume that the item connected to the Internet Explorer flaw will be IT's first priority on Tuesday, as flaws associated with Web browsers tend to be the easiest to exploit by attackers.

As for the six important bulletins, they will address flaws in Microsoft Server Software, Windows Microsoft Developer Tools and a security feature bypass issue in Office

Tyler Reguly, technical manager of security research and development at security firm Tripwire, said that even though that last item is not rated critical, it will be worth keeping an eye out for.

"We've got an Office patch that's listed as a security feature bypass," said Reguly. "These issues are usually pretty interesting, so I'll be excited to see what this update is fixing and how it can be leveraged by an attacker."

We'll have to wait until Tuesday to see how interesting it turns out to be.

Microsoft's TIFF graphics flaw, first disclosed at the beginning of November, will once again miss an official release. However, keeping Adobe Reader up to date should make it a non-issue.

Look for Microsoft's December Security Update to arrive around 10 a.m.PST on Tuesday.

About the Author

Chris Paoli is the site producer for and


  • Azure Backup for SQL Server 2008 Available at Preview Stage

    Microsoft added the option of using the Azure Backup service to provide recovery support for SQL Server 2008 and SQL Server 2008 R2 when those workloads are hosted on Azure virtual machines.

  • Microsoft Suggests Disabling Old Protocols with Exchange Server 2019

    Exchange Server 2019 with Cumulative Update 2 (CU2) can help organizations rid themselves of old authentication protocols, which constitute a potential security risk.

  • Microsoft Previews New Edge Browser on Windows 7 and Windows 8.1

    Microsoft announced this week that it has released previews of its Chromium-based Microsoft Edge Web browsers for use on Windows 7, Windows 8 and Windows 8.1 systems.

  • Exchange Server June Cumulative Updates Arrive, But with Red Tape

    Microsoft released its quarterly cumulative updates (CUs) for Exchange Server 2013, 2016 and 2019 products this week, but added an extra step for IT pros to consider before installing them.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.