3 critical updates for Windows 8 on Patch Tuesday
November's Patch Tuesday contains a total of six bulletins that rectify a total of 19 vulnerabilities. Four of these bulletins are tagged as critical, with the final one flagged as important. Three of these critical vulnerabilities affect all versions of operating systems from Microsoft (NASDAQ: MSFT), including the newly released Windows 8 and Windows Server 2010. A couple will also require a patch to Microsoft Windows RT, and a system restart will be needed for those.
"Most organizations will be affected by these critical bulletins as they relate to legacy codebase that is present even in Microsoft's most recent releases, such as Windows 8 and Windows Server 2012," said Marcus Carey, a security researcher at Rapid7. "The truth is that Microsoft and other vendors have significant technical debt in their code base which results in security issues."
Another critical update will resolve vulnerabilities in Internet Explorer which can be used in both drive-by and targeted attacks. The former means that an attack will be able to compromise an unpatched system just because a user visits a malicious web page.
Finally, the sole "important" update pertains to Microsoft Office, which can allow remote code execution upon opening a specially crafted Office document. However, users must first be coerced or tricked into opening the document.
- check out this article at ITPro