Microsoft Going Critical on Tuesday

Microsoft is getting ready for its final patch Tuesday of the year with two critically rated fixes up its sleeve.

The company’s December Security Bulletin Advance Notification does not
provide any additional details about the two issues that will be patched this
coming Tuesday.

The critical patch is expected to address an exploitable flaw in Internet Explorer (IE).

The flaw involves a
potential cross-scripting issue that could trigger a Denial-of-Service (DoS) attack by way of a JavaScript onload event that calls the window function.

The flaw itself is not new, having already been reported some six months ago. Proof-of-exploit code emerged in November from security firm Computer Terrorism, which proved that the vulnerability could indeed be exploited.

Microsoft issued a security advisory soon thereafter to inform end users about the issue.

November’s patch Tuesday also included a patch that Microsoft had labeled “critical” as well. That patch fixed a flaw in the Windows rendering engine.

News Around the Web