Microsoft quashes critical bugs in IE10, Windows 8, Word
"RTF documents are very relevant in the enterprise, and [MS12-079] should concern me if I'm using Outlook 2007 or 2010. That's a lot of people," said Miller.
Hackers can trigger a successful exploit by sending a maliciously crafted email to Outlook 2007 and 2010 users who simply preview it. In that way, an exploit would be very similar to a browser "drive-by" attack.
Outlook 2003 users are at risk if they open, rather than preview, a malformed RTF attachment. The newest version of the suite, Office 2013, was not affected by the bug.
Other updates patched three vulnerabilities in Exchange, Microsoft's widely used mail server; two critical bugs in Windows' font-parsing; a flaw in Windows' file handling; an important bug in DirectPlay; and another in the IP-HTTPS protocol that's used to create a VPN-like secure connection between Windows clients and servers.
The font-parsing update (MS12-078) contained two critical patches for Windows 8 and Windows RT, and the DirectPlay bulletin included a fix for an important Windows 8 vulnerability.
This was the second month running that Microsoft patched its newest desktop and tablet operating systems.
Microsoft also re-released four older bulletins this month, a continuation of a project it kicked off in October, when it said it had uncovered "a clerical error made in code-signing" in updates issued as far back as June 2012.
Both Storms and Miller believed that today's re-releases would be the last from Microsoft. Previously, Microsoft said it would wrap up the project before the affected bulletins' certificates expired in early 2013.
December's seven security updates can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through WSUS (Windows Server Update Services), the de facto patching mechanism for businesses.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.