Congratulations! We’ve come to the end of 2013 with 103 security bulletins, numerous nonsecurity updates, several security advisories, and a few zero-day threats.
Facing the end of official support, XP users end the year battling a resurgence of the svchost bug.
Note: Because Windows Secrets will be taking a break at the end of December, there will be no second Patch Watch column this month. But around Christmas time, I’ll be posting Patch Watch updates in the Windows Secrets Lounge/Windows Secrets Columns. So join me there for a bit of holiday fun!
The last Internet Explorer and Flash updates?
If only that were true. December brings the usual monthly security patches for Microsoft’s browser and Adobe’s Flash Player. For IE, KB 2898785 fixes seven vulnerabilities. The update is rated critical for all versions of IE, including IE 11. As always, you should apply IE updates even if it’s not your default browser.
The patched vulnerabilities are the usual suspects: remote-code execution and elevation of privileges. In other words, a user who clicks on a malicious website or link might let hackers remotely run malware on the user’s system — and then take control of the machine.
If you have Adobe Flash Player installed, make sure you’re on Version 11.9.900.170, as noted in the Dec. 10 Adobe Security Bulletin. Adobe’s Shockwave Player goes to Version 184.108.40.206, as noted in another security bulletin.