Redmond has launched the final Patch Tuesday updates of the year. A total of 11 security bulletins aim to fix no less than 24 vulnerabilities, 4 of which are rated as Critical.
Some of these flaws have been floating around for a month now, and affect a number of Microsoft software including Windows, Internet Explorer, Office and Exchange — no surprises then that the company is recommending users to deploy these patches as soon as they can.
The highlight of the month is the MS13-096 bulletin that addresses the much publicized security vulnerability in Windows that gives an attacker control of an unpatched computer due to the way the operating system handles TIFF files.
Microsoft talks about this in the bulletin:
“This security update resolves a publicly disclosed vulnerability in Microsoft Windows, Microsoft Office, and Microsoft Lync. The vulnerability could allow remote code execution if a user views content that contains specially crafted TIFF files.”
Internet Explore also gets a large cumulative update, dubbed MS13-097 that addresses a total of seven privately reported vulnerabilities in the browser:
“The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user.”
Long story short, various versions of Windows and Internet Explorer received new patches this month, so make sure you get online, download and deploy them.
These are, of course, delivered via the Windows Update option, meaning no user input is necessary.