Microsoft’s Final Security Update of the Year Fixes IE, Word and Office Web Apps

Madeleine Dean By: Madeleine Dean
2 minute read

Home » Windows » Microsoft’s Final Security Update of the Year Fixes IE, Word and Office Web Apps

Microsoft has launched the last security patch for this year, fixing a number of critical vulnerabilities in Internet Explorer, Word and Office Web Apps.
microsoft-releases-final-security-update-for-2014
Since the tech giant doesn’t release these security improvements for nothing, it is recommended that users get the new updates as soon as possible in order to avoid any possible attacks from malicious software.

Microsoft has patched fourteen vulnerabilities in Internet Explorer. The most important involved remote code execution that allowed the attacker to gain user rights. This was done through a specially developed webpage that incorporated the malicious software.

“The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.”, the official bulletin summary informs.

Secondly,a malicious software that had the same modus operandi like the Internet Explorer thread, was also lurking in the dark for Word and Office Web Apps users. The malicious code was incorporated into a Word / Office document.

“The vulnerabilities could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Word file in an affected version of Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

The remote code execution bug also targeted the VBScript scripting engine and users got infested in the same old fashioned manner. They visited a specially crafted website and the system got infected.

Thirdly, Adobe Flash Player has been incorporated into Internet Explorer together with a new version that fixes major vulnerabilities. In order to install the new flash player, the browser has to be rebooted. This also means that Windows Update now delivers the patches for the flash player.

These are the most important security updates for December. For more information about the vulnerabilities patched this month, go to Microsoft’s page.

READ ALSO: KB3002339 Update Causes Problems for Windows 7 and 8.1 Users

Discussions

Next up

Mic not working in Windows 10 Xbox app? Here are 7 fixes

Aleksandar Ognjanovic By: Aleksandar Ognjanovic
5 minute read

The Xbox app for Windows 10 was intended as a cross-platform all-in-one gaming hub. However, since its ascension, it hasn’t worked all that great, both […]

Continue Reading

This is how we fixed Microsoft Solitaire Collection error 404017

Aleksandar Ognjanovic By: Aleksandar Ognjanovic
4 minute read

There’s a lot of good things going for Microsoft Solitaire Collection. The recently-revamped game set of various games was mostly welcomed by avid solitaire players […]

Continue Reading

Windows 10 Semi-Annual Channel Update killed for business users

Rabia Noureen avatar. By: Rabia Noureen
2 minute read

A formal announcement made by Microsoft suggests that Windows Update will no longer have the Semi-Annual Channel (Targeted) option also referred to as SAC-T option starting […]

Continue Reading