Light Load for Last Patch Tuesday of 2012
CREDIT: Public Domain
Microsoft will push out seven new security bulletins tomorrow (Dec. 11) for its monthly Patch Tuesday update for all supported Windows operating systems, including Windows RT.
Five of the updates are rated critical, Microsoft's highest priority, the other two are rated important, covering a total of 11 vulnerabilities that, if not fixed, could allow hackers to work around Windows security features and remotely execute malicious code.
Wolfgang Kandek, CTO of Qualys, noted that the third update, rated critical, is somewhat unusual, as it affects Microsoft Word.
"Usually Microsoft downgrades even Remote Code Execution Office vulnerabilities to 'Important,' because a user interaction (e.g., opening a malicious file) is required," he said. "In this case we assume the 'critical' rating comes from Outlook, which can be configured to use Word to visualize documents in its preview pane. This is an automatic mechanism that does not require user interaction. In any case, this is an important bulletin to watch out for."
In 2012, Microsoft managed to reduce the number of updates it was required to issue by almost 20 percent, Lumension security analyst Paul Henry pointed out. In 2011, Microsoft issued 100 patches compared to 83 in 2012. Among those, 63 were critical bulletins in 2011 compared to 35 in 2012, a significant improvement.
Follow Ben on Twitter @benkwx.