Microsoft patches five critical flaws


Makes 83 bulletins in 2012.

Microsoft is to release seven bulletins on its final Patch Tuesday of 2012, fixing five critical issues.

According to an advance notification, the critical bulletins will address vulnerabilities in Windows, Word, Windows Server and Internet Explorer. The other two patches are rated as important and will address issues in Windows.

Trustwave SpiderLabs director of security research Ziv Mador said six out of the seven result in remote code execution.

"The last one deals with something Microsoft is calling a ‘Security Feature Bypass' and is only in Windows Server 2008 and 2012. Despite being only rated as important that one is looking very interesting this month," Mador said.

“Bulletin one looks to be extremely nasty, allowing Remote Code Execution in Internet Explorer 6, 7, 8, 9 and 10, including the version of Internet Explorer on that shiny new Microsoft Surface running Windows RT. This makes it the second patch in as many months for Microsoft's new gadget.”

nCircle director of security operations Andrew Storms said the IE patch would be a priority for most.

“There's a worrisome Exchange server bug marked critical. IT teams will need to spend the time reviewing this bulletin next Tuesday to better understand the risk and decide if they need to patch it immediately,” Storms said.

"This could be a tricky decision for businesses focused on year end revenue because patching the bug may cause some downtime as the year comes to a close. Each individual business will have to decide if the risk of downtime is greater than the risk of being vulnerable.”

Microsoft had 100 bulletins for the calendar year, of which 34 were critical, 63 important and three moderate. In 2012, they reduced the number of bulletins by close to 20 per cent.

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition