Microsoft’s latest patch bundle closes some serious gaps – while one zero-day flaw remains open
The patche bundle fixes several new flaws (called “zero days” in the business), including one flaw that escaped November’s Patch Tuesday bundle, which allowed attackers to hit Microsoft Word users, with boobytrapped documents containing TIFF image files.
Flaws face a fix
Microsoft’s Patch Tuesday fixes, issued on the second Tuesday of the month, attempt to block all the most significant threats to software including Windows, Office and Internet Explorer. This time round, fixes include the TIFF vulnerability, as well as fixes for flaws in Lync, Exchange, Windows and Microsoft Developer Tools.
As always, a recently -notified flaw has slipped through the net. Dustin Childs, of Microsoft’s Trustworthy Security Group admitted that a security flaw affecting Windows XP and Windows Server 2003, known as CVE-2013-5065, is not yet patched.
This bug lets attackers with valid login credentials for these older Microsoft operating systems elevate their privileges. Childs promises a fix soon, and Microsoft has offered a list of suggested workarounds to the problem.
Lets hope at-risk computer users don’t have to wait until 2014 for a fix for that serious problem,” commented security expert Graham Cluley.
Are you a security expert? Try our quiz!