Patch Tuesday preview highlights four Microsoft updates ranked "important"

Share this article:
One of the patches will fix a zero-day flaw affecting Windows XP and Windows Server 2003 users.
One of the patches will fix a zero-day flaw affecting Windows XP and Windows Server 2003 users.

This month's Patch Tuesday update will bring four fixes for vulnerabilities in Microsoft Windows, Server, Office and enterprise planning software Dynamics AX.

All of the patches, or Microsoft “bulletins,” have been rated “important” by the company, meaning no critical flaws are scheduled to be addressed in January.

On Thursday, Microsoft released its advanced notification of updates due out Jan.14.

Bulletin 1 will patch Office and Microsoft Server, in order to prevent remote code execution (RCE) by attackers, and Bulletins 2 and 3 will plug elevation of privilege bugs in Windows. Bulletin 4 rectifies security issues in Microsoft Dynamics AX, which could allow denial-of-service attacks upon exploitation.

Microsoft Dynamics AX is enterprise software that supports operational and administrative planning, such as accounting, supply chain and other business tasks.

Of note, Bulletin 2 is expected to deliver the awaited fix for a zero-day vulnerability (CVE-2013-5065) in Windows XP and Server 2003, which was leveraged in a limited amount of targeted attacks in November.

In a Thursday blog post, Wolfgang Kandek, CTO of Qualys, noted the absence of planned Internet Explorer fixes in Microsoft's rather light update this month.

“While there is no update for Internet Explorer, taking care of your browser should still be among your highest priority items,” Kandek said. “Running the most updated browser version is the best way to deal with the web based attacks, which have increased their heft in 2013. They are now the main threat vector, and more companies have been infected through web-based attacks than through e-mail,” he warned.

Share this article:

Sign up to our newsletters

More in News

Leahy bill would end bulk data collection, introduce reforms

Leahy bill would end bulk data collection, introduce ...

Sen. Patrick Leahy introduced an NSA reform bill that would update the USA Freedom Act.

House passes two cyber security bills

One bill aims to improve agencies' website security, while another works to thwart critical infrastructure attacks.

A five-month-long Tor attack attempting to 'deanonymize' users

For roughly five months beginning in January, traffic confirmation attacks were used to attempt to "deanonymize" Tor users.