A total of 24 vulnerabilities are supposed to be patched this month
Microsoft has released the last Patch Tuesday updates of the year, trying to fix a total of 24 vulnerabilities with the help of 11 security bulletins, 4 of which have been rated as critical.
The vulnerabilities that have been found since last month affect software such as Microsoft Windows, Internet Explorer, Office and Exchange, and Redmond recommends that users prioritize the deployment of the critical updates.
The star of the month is MS13-096, the bulletin that's supposed to address a Windows vulnerability that would allow an attacker to gain control of an unpatched computer because of the way the operating system handles TIFF files.
Here's what Microsoft is saying in the official description of the bulletin:
“This security update resolves a publicly disclosed vulnerability in Microsoft Windows, Microsoft Office, and Microsoft Lync. The vulnerability could allow remote code execution if a user views content that contains specially crafted TIFF files.
“As we highlighted through ANS, this update fully resolves the issue first described in Security Advisory 2896666. For those who installed the Fix it released through the advisory, you do not need to uninstall the Fix it prior to installing the update, but we do recommend disabling the Fix it after installation to ensure TIFF images are displayed correctly.”
Internet Explorer has also received a large cumulative update, labeled MS13-097 and supposed to address a total of seven privately reported vulnerabilities.
“The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user,” Microsoft said.
As noted, all Internet Explorer and Windows versions received patches this month, so make sure that your computer is connected to the Internet to download them automatically. Fixes are being delivered via Windows Update, so no user input is necessary.