Eight patches, 28 vulnerabilities for festive Patch Tuesday

By

Microsoft has closed out the year with a mammoth security update -- fixing 28 vulnerabilities, many of them Office and web flaws.


In its largest security update of the year, Microsoft on Tuesday delivered eight patches to correct a monster 28 vulnerabilities.

Six of the bulletins address "critical" bugs, while two others involve vulnerabilities rated "important."

"The sheer number of vulnerabilities being patched is what grabs my attention," said Ben Greenbaum, senior research manager at Symantec Security Response. "They all have the potential to be dangerous if not patched."

Seven of the patches affect client-side applications, including Office, Internet Explorer, ActiveX and Graphics Device Interface (GDI), said Andrew Storms, director of security operations at nCircle.

"Following the vulnerability trend of the past few years, in order to take advantage of these bugs, attackers need to entice the user to take action, such as going to a malicious website or opening a file containing malware," Storms said.

He added that he expects attackers to attempt to exploit the flaws this holiday season through social engineering tricks, such as fake e-cards and websites claiming to offer animation and Christmas songs.

Microsoft also published a new security advisory warning of a vulnerability in the Wordpad Converter for Word 97 files, Christopher Budd, security program manager for Microsoft, wrote Tuesday on the company's security blog. The bug affects Windows 2000 Service Pack (SP) 4, XP SP 2 and Server 2003 SP1 and SP2. Workarounds are available.

"We are aware of very limited and targeted attacks seeking to exploit this vulnerability," he said.

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
eightholidaymicrosoftspatchespresentsecurityvulnerabilities

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?