Security Advisor

Microsoft Will Finish 2013 with 5 'Critical' Fixes

Microsoft's December patch will also arrive with 6 "important" bulletin items.

Microsoft's December Security Update will be arriving on Dec. 10 with five bulletins rated "critical" and six "important" items, according to the Security Bulletin Advance Notification, released today.

The five critical items all address remote code execution flaws in Windows, Office, Lync and Exchange. While details on the bulletins are purposely held back by Microsoft until the patch is released, it's safe to assume that the item connected to the Internet Explorer flaw will be IT's first priority on Tuesday, as flaws associated with Web browsers tend to be the easiest to exploit by attackers.

As for the six important bulletins, they will address flaws in Microsoft Server Software, Windows Microsoft Developer Tools and a security feature bypass issue in Office

Tyler Reguly, technical manager of security research and development at security firm Tripwire, said that even though that last item is not rated critical, it will be worth keeping an eye out for.

"We've got an Office patch that's listed as a security feature bypass," said Reguly. "These issues are usually pretty interesting, so I'll be excited to see what this update is fixing and how it can be leveraged by an attacker."

We'll have to wait until Tuesday to see how interesting it turns out to be.

Microsoft's TIFF graphics flaw, first disclosed at the beginning of November, will once again miss an official release. However, keeping Adobe Reader up to date should make it a non-issue.

Look for Microsoft's December Security Update to arrive around 10 a.m.PST on Tuesday.

About the Author

Chris Paoli is the site producer for and


  • Microsoft Warns SameSite Cookie Changes Could Break Some Apps

    IT pros could face Web application issues as early as next month with the implementation of a coming SameSite Web change, which will affect how cookies are used across sites.

  • Populating a SharePoint Document Library by E-Mail, Part 1

    While Microsoft doesn't allow you to build a SharePoint Online document library using e-mail, there is a roundabout way of getting the job done using the tools that are included with Office 365. Brien shows you how.

  • Microsoft Previews New App Reporting and Consent Tools in Azure AD

    Microsoft last week described a few Azure Active Directory improvements for organizations wanting to connect their applications to Microsoft's identity and access service.

  • Free Software Foundation Asks Microsoft To Release Windows 7 Code

    The Free Software Foundation this week announced that it has established a petition demanding that Microsoft release its proprietary Windows 7 code as free software.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.