Microsoft has pushed out its January "Patch Tuesday" security release, which includes seven updates that address 12 vulnerabilities in Microsoft software, including Windows and Office. Two of the seven updates are considered "critical," and IT administrators are encouraged to apply those patches right away.
Computerworld's Greg Keizer reported on Tuesday, "Microsoft today patched 12 vulnerabilities in Windows, Office and several server and development products, but as it hinted last week, did not come up with a fix for the Internet Explorer (IE) bug that cyber criminals have been exploiting for at least a month. Today was also a spring tide of sorts for patching, as Microsoft's updates were just some that vendors pushed to customers. Adobe also issued updates for Flash Player, Adobe Reader and Adobe Acrobat; Google shipped a new version of Chrome; and Mozilla delivered the next iteration of Firefox."
Sean Michael Kerner from eSecurity Planet explained, "Ross Barrett, senior manager of Security Engineering at security vendor Rapid7, told eSecurity Planet that many people were expecting a patch for the Internet Explorer zero-day threat. While this was not included in today's patch release, the only supported version of IE affected by the current 0-day is IE 8, so impact is largely limited to customers on Windows XP, he said."
SecurityWatch's Fahmida Y. Rashid added, "One of the critical patches was rated the 'most important patch in the lineup' by Qualys CTO Wolfgang Kandek as it affects every Windows version from XP to Windows 8, RT, and Server 2012, along with all versions of Microsoft Office, and other Microsoft applications, such as Sharepoint and Groove. The flaw in the MSXML library (MS13-002) could potentially be exploited by tricking users into visiting a malicious website, or by opening a booby-trapped Office document attached to an email."
ZDNet's Mary Jo Foley noted, "Along with the usual set of fixes and patches for Windows, Office and more, Microsoft is rolling out a firmware update for its Windows RT operating system as part of the update.... Like previous firmware updates, today's firmware update is specific to the Surface RT."