Microsoft patched yesterday a dozen vulnerabilities in Internet Explorer (IE), Windows, Word and Exchange, IE10 failures solved first and bugs in Windows 8 and Windows RT for the second time.
Of the twelve security updates, spread over seven bulletins , nine were considered ‘critical’, while the rest have received the label of ‘important’.
Microsoft has asked administrators to prioritize the deployment of two critical bulletins to protect users from possible attack. These bulletins, affecting Internet Explorer and Microsoft Word , have the condition that, if exploited the vulnerabilities could allow an attacker to remotely execute code on an affected system without user’s knowledge.
Other vulnerabilities patched in the December update include fixes for bugs in Windows and Exchange. risks of these vulnerabilities include remote code execution and the ability to overcome the Windows security protections.
Experts warn of leadership that is taking Windows RT in the monthly updates from Microsoft. And besides patching the Windows PC-based systems and Windows Server, administrators also need to ensure that Windows-based tablets are parchaeadas RT.
As for Internet Explorer, a software engineer ensures that there is a bug in Internet Explorer 6-10 that could allow an attacker to do a tracking mouse movements of the user, thereby making the data entered through the virtual keyboards, such as those used for online banking access.
All details are explained in failure Bugtrag where it would be relatively easy to explain the failure to exploit high traffic sites and trusted buying advertising space. Thus, sites like YouTube, or the New York Times could become attack vectors.