1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Microsoft's December Patch Tuesday will fix bugs in Internet Explorer, Office and Windows

Discussion in 'Windows - Software discussion' started by ireland, Dec 5, 2014.

  1. ireland

    ireland Active member

    Nov 28, 2002
    Likes Received:
    Trophy Points:
    Microsoft's December Patch Tuesday will fix bugs in Internet Explorer, Office and Windows

    MICROSOFT WILL RELEASE its last Patch Tuesday of 2014 next week, an Advance Notification for the December security bulletin has confirmed.
    The patch, which will go live at 1pm on 9 December, will consist of seven bulletins – three 'critical' and four 'important' – covering Internet Explorer (IE), Office, Exchange and Windows. If all seven are released as planned, the total number of patches in 2014 will be 84.

    The update will also mean it is the eleventh time this year that IE will be patched for security vulnerabilities.

    "It appears that many of these weaknesses are being discovered through automatic 'fuzzing' techniques, which can often result in multiple vulnerability discoveries," said security firm Trustwave's threat intelligence manager, Karl Sigler.

    "Several of the CVEs included in this bulletin are 'Critical' and the most severe are likely to be memory corruption vulnerabilities."

    Sigler said IE users will "absolutely want to patch these vulnerabilities" as soon as possible, although none of the CVEs included in the release is currently being exploited in the wild.

    While the release doesn't tackle anything as nasty as the Schannel Remote Code Execution vulnerability (MS14-066) from last month, this doesn't mean the update should be skipped or delayed, though.

    A Malwarebytes spokesperson advised: "The fact that the three 'critical' bulletins affect IE, Office and Windows underlines this fact, as these are most likely to allow for remote code execution.

    "People should follow Microsoft's advice and apply these updates immediately."

    Microsoft's November Patch Tuesday was much bigger and fixed a total 33 bugs across all versions of Windows.

    The patch included four bulletins rated 'critical', eight rated 'important' and two rated 'moderate'.

    Among the critical bulletins was MS14-065, which patched 17 vulnerabilities in all supported versions of Internet Explorer (IE). The most severe of these could allow remote code execution if a user views a specially crafted webpage using IE.


Share This Page