Microsoft quashes critical bugs in IE10, Windows 8, Word
"RTF documents are very relevant in the enterprise, and [MS12-079] should concern me if I'm using Outlook 2007 or 2010. That's a lot of people," said Miller.
Hackers can trigger a successful exploit by sending a maliciously-crafted email to Outlook 2007 and 2010 users who simply preview it. In that way, an exploit would be very similar to a browser "drive-by" attack.
Outlook 2003 users are at risk if they open, rather than preview, a malformed RTF attachment. The newest version of the suite, Office 2013, was not affected by the bug.
Other updates patched three vulnerabilities in Exchange, Microsoft's widely-used mail server; two critical bugs in Windows' font-parsing; a flaw in Windows' file handling; an important bug in DirectPlay; and another in the IP-HTTPS protocol that's used to create a VPN-like secure connection between Windows clients and servers.
The font-parsing update (MS12-078) contained two critical patches for Windows 8 and Windows RT, and the DirectPlay bulletin included a fix for an important Windows 8 vulnerability.
This was the second month running that Microsoft has patched its newest desktop and tablet operating systems.
Microsoft also re-released four older bulletins this month, a continuation of a project it kicked off in October, when it said it had uncovered "a clerical error made in code-signing" in updates issued as far back as June 2012.
Both Storms and Miller believed that today's re-releases would be the last from Microsoft. Previously, Microsoft said it would wrap up the project before the affected bulletins' certificates expired in early 2013.
December's seven security updates can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through WSUS (Windows Server Update Services), the de facto patching mechanism for businesses.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
- Researcher claims two hacker gangs exploiting unpatched IE bug
- Update: Third of Internet Explorer users at risk from attacks
- Microsoft plans another short patch slate for next week, but finds a few XP bugs to crush
- Target attack shows danger of remotely accessible HVAC systems
- Target hackers try new ways to use stolen card data
- Update: Microsoft to patch just-revealed Windows zero-day tomorrow
- NSA spying prompts open TrueCrypt encryption software audit to go viral
- Microsoft warns of Office zero-day, active hacker exploits
- Hackers move to create next Blackhole after 'Paunch' arrest
- Adobe hack shows subscription software vendors lucrative targets
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Accelerating Network Convergence in Virtualized and Cloud Data Centers Adopting a converged networking strategy enables organizations to traffic server and storage I/O workloads on consolidated data throughput channels. Intelligent software helps optimize...
- Omnichannel: From Buzzword to Strategy Customers demand a seamless experience across channels, especially mobile. Read this whitepaper for a research-based framework for using omnichannel for higher customer engagement.
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Malware and Vulnerabilities White Papers | Webcasts