Little Holiday Joy This Patch Tuesday


MS13-101 through MS13-104 and MS13-106: Important

MS13-101 updates five CVEs found in Windows kernel drivers that could allow elevation of privilege. This bulletin is rated important and there are no active attacks. MS13-102, in Windows Local Procedure Call, could also allow elevation of privilege. MS13-103 is a vulnerability in ASP.NET SignalR, and MS13-104 is a vulnerability in Office that could allow information disclosure. There are limited active attacks on this one but it is not publicly known. MS13-106 covers a vulnerability in Microsoft Office 2007 and 2010 Shared Component that could allow a security feature bypass.

Microsoft released 11 bulletins for the final Patch Tuesday of the year. In 2013, we saw a total of 106 bulletins, which is an increase of 22 percent over 2012’s total count.

December’s patches include five critical and six important bulletins, and they cover 24 CVEs. As promised, Microsoft addressed the Graphics Components vulnerability in bulletin MS13-096. This one is rated critical and should be your first priority, despite the hot-fix that’s been in place since November. It affects Windows, Office and Lync through Office 2007 installed on XP. In this vulnerability, an attacker needs to convince a user to preview or open a bad TIFF image for exploitation. Because we know persuading users to click isn’t always that hard to do, a patch for this one is definitely welcome.

Missing this month is a bulletin for the vulnerability currently under limited targeted attacks in the Windows kernel component in XP and Server 2003. Your best option is the security advisory Microsoft recently released, 2914486. This is perhaps another reminder that end-of-life is now just four months out for Windows XP and users still running it should move to a current generation operating system sooner rather than later.

The slideshow features a review of December's patches, provided by Paul Henry, forensic and security analyst at Lumension.

 
