| Home : December 08 2013 Computer News : Microsoft's last Patch Tuesday of 2013 will be huge |
|
Microsoft's last Patch Tuesday of 2013 will be huge |
December 08, 2013
Microsoft is wrapping up the year’s Patch Tuesday bulletins next week with 11 more fixes, pushing the total for 2013 to 106, up from last year’s total of 83.
Five bulletins ranked critical all hold the potential for enabling remote code execution on victimized machines and affect a wide range of platforms including most versions of Windows, Windows Server, Internet Explorer, SharePoint and Exchange.
The patches will include a remedy for the .TIFF zero day vulnerability, a flaw in Microsoft Graphics that leaves Microsoft Office and Lync apps and Windows open to attack. Common exploits of the vulnerability include a Word file containing a malicious .TIFF image that leads to the attacker gaining control of the machine with current user rights. “In this vulnerability, an attacker needs to convince a user to preview or open a bad TIFF image for exploitation,” says Paul Henry, a forensics and security analyst for Lumension. “Because we know persuading users to click isn’t always that hard to do, a patch for this one is definitely welcome.”
The problem and exploits in the wild were discovered last month, but Microsoft didn’t deem it worth an out-of-band fix.
To read this article in full or to leave a comment, please click here
Link: http://www.pcworld.com/article/2070661/microsofts-last-patch-tuesday-of-2013-will-be-huge.html#tk.rss_all
|
|
|
|
|
