Microsoft quashes critical bugs in IE10, Windows 8, Word
"RTF documents are very relevant in the enterprise, and [MS12-079] should concern me if I'm using Outlook 2007 or 2010. That's a lot of people," said Miller.
Hackers can trigger a successful exploit by sending a maliciously crafted email to Outlook 2007 and 2010 users, who need only preview it. In that way, an exploit would be very similar to a browser "drive-by" attack.
Outlook 2003 users are at risk if they open, rather than preview, a malformed RTF attachment. The newest version of the suite, Office 2013, was not affected by the bug.
Other updates patched three vulnerabilities in Exchange, Microsoft's widely used mail server; two critical bugs in Windows' font parsing; a flaw in Windows' file handling; an important bug in DirectPlay; and another in the IP-HTTPS protocol that's used to create a VPN-like secure connection between Windows clients and servers.
The font-parsing update (MS12-078) contained two critical patches for Windows 8 and Windows RT, and the DirectPlay bulletin included a fix for an important Windows 8 vulnerability.
This was the second month running that Microsoft patched its newest desktop and tablet operating systems.
Microsoft also re-released four older bulletins this month, a continuation of a project it kicked off in October, when it said it had uncovered "a clerical error made in code-signing" in updates issued as far back as June 2012.
Both Storms and Miller believed that today's re-releases would be the last from Microsoft. Previously, Microsoft said it would wrap up the project before the affected bulletins' certificates expired in early 2013.
December's seven security updates can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through WSUS (Windows Server Update Services), the de facto patching mechanism for businesses.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.