14 DAY TRIAL // Microsoft has officially launched the first Patch Tuesday updates of the year, fixing six different vulnerabilities in Windows, Office, and Dynamics AX.
This is the first time in several months when Microsoft isn’t releasing a patch for Internet Explorer, which could be a sign that Redmond’s in-house browser is actually becoming more secure.
Of course, the star of the rollout is bulleting MS14-002, called “Vulnerability in Windows Kernel Could Allow Elevation of Privilege” and supposed to fix a flaw in Windows XP that would allow attacks to compromise a machine running this particular OS version with the help of a malicious PDF document.
“This bulletin addresses the issue first described in Security Advisory 2918840, which allows an attacker to perform an elevation of privilege if they are able to log on to a system and run a specially crafted application,” Microsoft explained.
At the same time, the company added that it’s indeed aware of some attacks trying to exploit this flaw, so it’s vital for users running Windows XP to deploy the available updates as soon as possible.
“We are aware of targeted attacks using this vulnerability, where attackers attempts to lure someone into opening a specially crafted PDF to access the system. Even when we first saw this, the PDF portion of the attack did not affect those with a fully updated system.”
Of course, all patches are being delivered via Windows Update, so no consumer interaction is needed in case this feature is turned on your Windows computer.
“The update provided by MS14-002 completely addresses the issue known to be under targeted attack, first described in Security Advisory 2914486. Customers with automatic updates enabled do not need to take any action,” Dustin Childs, group manager, Microsoft Trustworthy Computing, told us in a mail statement.