In total, Microsoft’s December Patch Tuesday security update is fixing 12 vulnerabilities spread across Windows Internet Explorer (IE), Word and Windows Server.
At the top of the list is a critical update that fixes three separate vulnerabilities in IE. The IE fixes are cumulative and patch all current versions of Microsoft’s browser, though the impact is more severe in IE 9 and 10.
All of the IE fixes involve use-after-free memory vulnerabilities. In a use-after-free condition, memory that has already been legitimately allocated is leveraged for malicious use by an attacker.
“A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted,” Microsoft warns in its advisory.”The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.”
Read the full story at eSecurity Planet:
Microsoft’s December Patch Tuesday Fixes IE
Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.