Microsoft has launched the last security patch for this year, fixing a number of critical vulnerabilities in Internet Explorer, Word and Office Web Apps.
Since the tech giant doesn’t release these security improvements for nothing, it is recommended that users get the new updates as soon as possible in order to avoid any possible attacks from malicious software.
Microsoft has patched fourteen vulnerabilities in Internet Explorer. The most important involved remote code execution that allowed the attacker to gain user rights. This was done through a specially developed webpage that incorporated the malicious software.
“The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.”, the official bulletin summary informs.
Secondly,a malicious software that had the same modus operandi like the Internet Explorer thread, was also lurking in the dark for Word and Office Web Apps users. The malicious code was incorporated into a Word / Office document.
“The vulnerabilities could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Word file in an affected version of Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
The remote code execution bug also targeted the VBScript scripting engine and users got infested in the same old fashioned manner. They visited a specially crafted website and the system got infected.
Thirdly, Adobe Flash Player has been incorporated into Internet Explorer together with a new version that fixes major vulnerabilities. In order to install the new flash player, the browser has to be rebooted. This also means that Windows Update now delivers the patches for the flash player.
These are the most important security updates for December. For more information about the vulnerabilities patched this month, go to Microsoft’s page.