Microsoft released 11 bulletins for the final Patch Tuesday of the year. In 2013, we saw a total of 106 bulletins, which is an increase of 22 percent over 2012’s total count.
December’s patches include five critical, six important, and they cover 24 CVEs. As promised, Microsoft addressed the Graphics Components vulnerability in bulletin MS13-096. This one is rated critical and should be your first priority, despite the hot-fix that’s been in place since November. It affects Windows, Office and Lync through Office 2007 installed on XP. In this vulnerability, an attacker needs to convince a user to preview or open a bad TIFF image for exploitation. Because we know persuading users to click isn’t always that hard to do, a patch for this one is definitely welcome.
Missing this month is a bulletin for the vulnerability currently under limited targeted attacks in the Windows kernel component in XP and Server 2003. Your best option is the security advisory Microsoft recently released, 2914486. This is perhaps another reminder that end-of-life is now just four months out for Windows XP and users still running it should move to a current generation operating system sooner rather than later.
The slideshow features a review of December's patches, provided by Paul Henry, forensic and security analyst at Lumension.
IT staff, organization leaders, and the average citizen have all expressed levels of concern over the FCC about-face in regard to ISP privacy. Here’s what the security experts say. ... More >>
Executives at several top tech firms outline the skills they need now and in the near future, including IaaS and IoT security expertise. Other skills listed may surprise you. ... More >>
Security professionals are in demand right now, and entry-level security jobs generally fall into either an engineer or analyst role. Find out more about required skills and career paths. ... More >>