Microsoft’s latest Patch Tuesday security update fixes 11 serious flaws, but the company has been criticised for leaving a one-week-old flaw that is being exploited in the wild.
The patche bundle fixes several new flaws (called “zero days” in the business), including one flaw that escaped November’s Patch Tuesday bundle, which allowed attackers to hit Microsoft Word users, with boobytrapped documents containing TIFF image files.
Microsoft’s Patch Tuesday fixes, issued on the second Tuesday of the month, attempt to block all the most significant threats to software including Windows, Office and Internet Explorer. This time round, fixes include the TIFF vulnerability, as well as fixes for flaws in Lync, Exchange, Windows and Microsoft Developer Tools.
As always, a recently -notified flaw has slipped through the net. Dustin Childs, of Microsoft’s Trustworthy Security Group admitted that a security flaw affecting Windows XP and Windows Server 2003, known as CVE-2013-5065, is not yet patched.
This bug lets attackers with valid login credentials for these older Microsoft operating systems elevate their privileges. Childs promises a fix soon, and Microsoft has offered a list of suggested workarounds to the problem.
Lets hope at-risk computer users don’t have to wait until 2014 for a fix for that serious problem,” commented security expert Graham Cluley.
Are you a security expert? Try our quiz!
Rights group argues ChatGPT tendency to generate false information on individuals violates GDPR data protection…
European Commission says Apple's iPadOS is 'gatekeeper' due to large number of businesses 'locked in'…
As the cloud continues to be an essential asset for all businesses, developing and maintaining…
Internatinal conference in Vienna calls for controls on AI-powered autonomous weapons to ensure humans remain…
Major Taiwan chip assembly and test firm KYEC to sell Jiangsu subsidiary, exit mainland China…
As deepfake technology continues to blur the lines between reality and deception, businesses and individuals…