Patch Tuesday preview highlights four Microsoft updates ranked "important"

One of the patches will fix a zero-day flaw affecting Windows XP and Windows Server 2003 users.

This month's Patch Tuesday update will bring four fixes for vulnerabilities in Microsoft Windows, Server, Office and enterprise planning software Dynamics AX.

All of the patches, or Microsoft “bulletins,” have been rated “important” by the company, meaning no critical flaws are scheduled to be addressed in January.

On Thursday, Microsoft released its advance notification of updates due out Jan. 14.

Bulletin 1 will patch Office and Microsoft Server, in order to prevent remote code execution (RCE) by attackers, and Bulletins 2 and 3 will plug elevation of privilege bugs in Windows. Bulletin 4 rectifies security issues in Microsoft Dynamics AX, which could allow denial-of-service attacks upon exploitation.

Microsoft Dynamics AX is enterprise software that supports operational and administrative planning, such as accounting, supply chain and other business tasks.

Of note, Bulletin 2 is expected to deliver the awaited fix for a zero-day vulnerability (CVE-2013-5065) in Windows XP and Server 2003, which was leveraged in a limited number of targeted attacks in November.

In a Thursday blog post, Wolfgang Kandek, CTO of Qualys, noted the absence of planned Internet Explorer fixes in Microsoft's rather light update this month.

“While there is no update for Internet Explorer, taking care of your browser should still be among your highest priority items,” Kandek said. “Running the most updated browser version is the best way to deal with the web-based attacks, which have increased their heft in 2013. They are now the main threat vector, and more companies have been infected through web-based attacks than through e-mail,” he warned.
