In it's monthly patch fest, Microsoft has closed several security holes in Windows 8, Word and Internet Explorer 10. The company has released 7 updates of which 5 are marked critical and 2 marked as important. Together they'll have to fix 12 security vulnerabilities of which 9 could result in someone compromising your system or other serious security issues. Like the company did in November, Microsoft also had to release another patch for Internet Explorer. The update closes four security holes at once of which the majority are for IE 9 but also a vulnerability in IE 10 is secured.
Also Adobe has released an update today. This patch should fix three critical bugs in the Flash player of IE 10. Adobe is now using the same patch schedule as Microsoft for updates that concern the security of the Flash player.
The other Microsoft updates of December contain a fix for Microsoft Word that's mainly relevant for business users. The vulnerability exploits the way Word reads RTF files. Also the 2007 and 2010 versions of Outlook are affected with this update. Malware writers can exploit a bug in the software by sending specially prepared RTF documents to Outlook users. If they open the attachment with the file the computer is infected with malware.
Microsoft also released a patch for Windows 8 and Windows RT. This patch concerns the kernel mode drivers of the recently released operating systems. If an user opens a document or website that uses an infected TrueType or Openfont font, then malware makers become able to run malicious code on the system. Windows 8 users can also opt to receive an update for DirectPlay. Abuse of this part of the OS can be done if an user opens an infected document that exploits a bug in it. Also vulnerabilities of Exchange and the secure protocol IP-HTTPS that's used in the DirectAccess feature of Windows 7 and Windows 8 are patched. Most of the patches require a reboot of the system.
