Seven different patches, five of them flagged as critical
Microsoft has just released the seven updates included in this month’s Patch Tuesday cycle and addressing 12 vulnerabilities in Windows, Internet Explorer, Word and Windows Server.Although all updates must be deployed as soon as possible, Microsoft recommends users to prioritize the installation of two critical updates aimed at Internet Explorer and Microsoft Word.
Update MS12-077 is supposed to fix an Internet Explorer flaw that has been found in absolutely all versions of the browser.
“You’ll notice there is no severity rating for IE versions prior to IE 9. On these versions, the update is a defense-in-depth change only. Although there are no known attack vectors for these versions, we still recommend that our customers using these versions apply the update,” Microsoft said.
The Microsoft Word patch, officially known as update MS12-079, is designed to fix a security vulnerability that would allow remote code execution. Here’s how Microsoft describes the flaw:
“An attacker could run code in the context of the logged-on user if they were to open a specially crafted Rich Text Format (RTF) file, or preview or open a specially-crafted RTF email message in Outlook while using Microsoft Word as the email viewer. This issue was privately disclosed and we’re not aware of any attacks or customer impact.”
In addition to these updates, Microsoft has also revised Security Advisory 2755801 to patch new issues discovered in Adobe Flash Player for Internet Explorer 10. This particular patch is being delivered as a cumulative update, so users do not need to download and install the previous fix.
As always, all patches are being delivered via the built-in Windows Update tool, while administrators can also download and install the fixes manually via the Microsoft Security Center.
Click here to load the Microsoft Security Bulletin Summary for December 2012 that comprises information on all updates, as well as download links for each fix.