Redmond rolls out this month’s Patch Tuesday fixes

Dec 10, 2014 06:28 GMT  ·  By

Microsoft has just released the last security updates of the year for its software solutions, thus patching a number of critical flaws in its products, including Windows and Internet Explorer.

Redmond rolled out a total of seven security bulletins this month, three of which were considered to be critical. Obviously, all users are recommended to get these updates as soon as possible in order to make sure that their data is not at risk when using supported Microsoft software.

Internet Explorer and Office getting critical fixes

Specifically, both Internet Explorer and Microsoft Office have received critical security fixes today, so in case you’re using any of these two products, make sure that you launch Windows Update in the next few hours.

In IE’s case, Microsoft says that it has patched a remote code execution flaw, fixing a total of fourteen privately reported vulnerabilities in the browser. This means that there’s no public exploit available for the time being, so you’re perfectly secure as soon as you install these patches.

The company warns that these exploits usually involve a malicious website that needs to be loaded in Internet Explorer. Once the user visits this specially crafted webpage, the attacker could get the same privileges as the current user, so you can figure out what could happen if you’re the administrator.

As far as Microsoft Office is concerned, the company’s security experts came across two vulnerabilities in Microsoft Word and Microsoft Office Web Apps which would again allow an attacker to get the same rights as the logged-on user with the help of a malicious Word document.

“If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Redmond says.

New Flash Player for Internet Explorer users

In addition to the aforementioned fixes, Internet Explorer users also receive a new Flash Player version that patches critical bugs found in this software solution.

Adobe Flash Player is now bundled into Internet Explorer, so all patches are automatically delivered through Windows Update, which means that no user input is required. At the same time, Internet Explorer users only need to reboot the browser to successfully install the new Flash Player build.

The same is happening for Google Chrome, as the Mountain View-based search giant also integrated Flash Player right into the browser, so updates are automatically shipped to their users as well, without the need for separate downloads.

Windows Update on Windows 8.1 (6 Images)

Windows Update on Windows 8.1
Windows Update on Windows 8.1 desktopWindows Update on Windows 8.1 desktop
+3more