Patch Tuesday Release Fixes Flaws in Windows 8, RT

Microsoft has released its monthly “Patch Tuesday” update. The release addresses 19 security vulnerabilities in Windows, IE, Excel and .NET.

PCMag’s Fahmida Y. Rashid reported, “Microsoft fixed 19 vulnerabilities in November’s Patch Tuesday update, four in Internet Explorer 9, and three in all versions of the Windows operating system, including the brand-new Windows 8. The company released six bulletins, four of which have been rated critical, according to the Patch Tuesday notification advisory. Microsoft said the update for Internet Explorer (MS12-071) and all versions of the Windows operating system (MS12-075) were the most urgent.”

Gregg Keizer from Computerworld quoted nCircle Security’s Andrew Storms who said, “I’m sure Microsoft is disappointed to have released Windows 8 in late October and have already issued patches for it. But truth be told, a lot of code is reused, and it shouldn’t be surprising to see bug fixes in Windows 8. Despite all the hype about newer platforms being the most secure, bugs will be found and bugs will be fixed.”

The Register’s John Leyden noted, “Vulnerability management firm Qualys rates the Internet Explorer update (MS12-071) as easily the most urgent. Left unpatched, the set of four flaws easily lend themselves to exploitation through drive-by download style attacks. Microsoft rates its exploitability as ‘1,’ which means that it is relatively easy to develop malicious code.”

TechTarget’s Jeremy Stanley observed, “Two Patch Tuesday’s have passed without a mention of Windows Server 2012. In November, that trend ended. Three critical bulletins Microsoft released this week as part of its monthly Patch Tuesday updates promise fixes for Windows Server 2012.”