Eight patches, 28 vulnerabilities for festive Patch Tuesday

Microsoft has closed out the year with a mammoth security update -- fixing 28 vulnerabilities, many of them Office and web flaws.


In its largest security update of the year, Microsoft on Tuesday delivered eight patches to correct a monster 28 vulnerabilities.

Six of the bulletins address "critical" bugs, while two others involve vulnerabilities rated "important."

"The sheer number of vulnerabilities being patched is what grabs my attention," said Ben Greenbaum, senior research manager at Symantec Security Response. "They all have the potential to be dangerous if not patched."

Seven of the patches affect client-side applications, including Office, Internet Explorer, ActiveX and Graphics Device Interface (GDI), said Andrew Storms, director of security operations at nCircle.

"Following the vulnerability trend of the past few years, in order to take advantage of these bugs, attackers need to entice the user to take action, such as going to a malicious website or opening a file containing malware," Storms said.

He added that he expects attackers to attempt to exploit the flaws this holiday season through social engineering tricks, such as fake e-cards and websites claiming to offer animation and Christmas songs.

Microsoft also published a new security advisory warning of a vulnerability in the WordPad Converter for Word 97 files, Christopher Budd, security program manager for Microsoft, wrote Tuesday on the company's security blog. The bug affects Windows 2000 Service Pack (SP) 4, XP SP2 and Server 2003 SP1 and SP2. Workarounds are available.

"We are aware of very limited and targeted attacks seeking to exploit this vulnerability," he said.

See original article on scmagazineus.com
Copyright © SC Magazine, US edition