Security Advisor

Microsoft Will Finish 2013 with 5 'Critical' Fixes

Microsoft's December patch will also arrive with 6 "important" bulletin items.

Microsoft's December Security Update will be arriving on Dec. 10 with five bulletins rated "critical" and six "important" items, according to the Security Bulletin Advance Notification, released today.

The five critical items all address remote code execution flaws in Windows, Office, Lync and Exchange. While details on the bulletins are purposely held back by Microsoft until the patch is released, it's safe to assume that the item connected to the Internet Explorer flaw will be IT's first priority on Tuesday, as flaws associated with Web browsers tend to be the easiest to exploit by attackers.

As for the six important bulletins, they will address flaws in Microsoft Server Software, Windows Microsoft Developer Tools and a security feature bypass issue in Office

Tyler Reguly, technical manager of security research and development at security firm Tripwire, said that even though that last item is not rated critical, it will be worth keeping an eye out for.

"We've got an Office patch that's listed as a security feature bypass," said Reguly. "These issues are usually pretty interesting, so I'll be excited to see what this update is fixing and how it can be leveraged by an attacker."

We'll have to wait until Tuesday to see how interesting it turns out to be.

Microsoft's TIFF graphics flaw, first disclosed at the beginning of November, will once again miss an official release. However, keeping Adobe Reader up to date should make it a non-issue.

Look for Microsoft's December Security Update to arrive around 10 a.m.PST on Tuesday.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft Shifting Away from Office 365 Brand Name in April

    Microsoft on Monday announced coming product naming changes, where "Office 365" is mostly getting replaced by the "Microsoft 365" brand.

  • Microsoft Grows Services Amid COVID-19

    Microsoft in a Saturday announcement recapped how its services have been affected by "shelter-in-place" governmental mandates in the last week, providing details on growth stats and prioritizations.

  • Microsoft Adds 6 More Months to Expiring Certification Programs

    Microsoft has announced an extension to the end date of three certification programs slated for retirement.

  • Microsoft's Surface Pro X: It's Like the Surface RT, But Better

    There's a lot about the Surface Pro X that's reminiscent of the ill-fated Surface RT. But despite the similarities, this might just be one of the rare cases where the sequel is better than the original.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.