The Inquirer-Home

Microsoft issues 11 security bulletins for the last Patch Tuesday of 2013

Addresses a zero-day vulnerability for bad TIFF images on Windows XP systems
Tue Dec 10 2013, 10:44
Microsoft logo at its Redmond headquarters

SOFTWARE PATCH FACTORY Microsoft has released its last Patch Tuesday list for 2013, issuing 11 bulletins, five of which are rated critical.

These last 11 bulletins cover Internet Explorer, Windows operating systems and Microsoft Office software, bringing the total number of patches released by the Redmond firm in 2013 to 106, up from last year's total of 83.

The most critical security bulletin addresses a zero-day vulnerability documented by the November Microsoft Graphics Components advisory 2896666, affecting Windows, Office and Lync through Microsoft Office 2007 installed on Windows XP.

"In this vulnerability, an attacker needs to convince a user to preview or open a bad TIFF image for exploitation. Because we know persuading users to click isn't always that hard to do, a patch for this one is definitely welcome," said Lumension forensics and security analyst Paul Henry.

Microsoft's bulletin also sees the release of a critical cumulative update to patch a vulnerability that could allow remote code execution in Internet Explorer.

"The other critically ranked bulletins [are] remote code executions that impact Microsoft Windows and Exchange," added Henry.

The six security bulletins rated important deal with local elevation of privilege vulnerabilities in Windows and Microsoft Developer Tools, plus an information disclosure and security feature bypass in Microsoft Office. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?