Microsoft has delivered a notable package of security fixes in its final Patch Tuesday of the year, covering a variety of operating systems and add-ons.
Seven bulletins were released by Microsoft, with five ranked as critical and two as important. In total, they deal with 12 vulnerabilities, covering a range of Remote Code Execution (RCE) flaws in popular software.
One of those RCE flaws is resident in Internet Explorer, thanks to a memory corruption bug, whilst another lies in Microsoft Word, which results from the way in which the program parses RTF files. For the latter, experts believe exploit code will be made public soon, so teams should get patching.
As part of its security updates, Microsoft has also pushed out a new version of Flash in Internet Explorer 10, addressing three critical vulnerabilities. Adobe has put out its own patch too.
Security professionals have noted the decline in vulnerabilities addressed by Microsoft this year, which is being seen as a positive reflection on secure code, rather than a sign that Patch Tuesday isn’t as effective as it was. The graph below shows the significant drop in 2012 over the two previous years.
Microsoft pushed out 83 bulletins this year, down from 100 in 2011. “Maybe even more important than the raw numbers is the more regular release rhythm that Microsoft set this year. We see this as a clear sign of a more mature process,” Kandek added.
How well do you know Internet security? Try our quiz
Google parent Alphabet sees market capitalisation surge over $2tn on plan to over first-ever cash…
Google asks Virginia federal court to dismiss case brought by US Justice Department and eight…
Snapchat parent Snap reports user growth, revenues in spite of tough competition, in what may…
Intel shares sag after company shares gloomy revenue predictions, as data centre chip demand hit…
Germany's Tuta Mail says Google broke EU's new DMA rules with March algorithm update that…
US auto safety regulator opens new investigation into adequacy of Tesla Autopilot recall, saying it…