The first Patch Tuesday of the year is relatively light, with Microsoft rolling out only four bulletins for the month. Despite the small figure, users must update their systems immediately to avoid possible threats leveraging software vulnerabilities.
Included in this month’s release are updates for three privately reported vulnerabilities found in Microsoft Office. If exploited, these vulnerabilities could allow an attacker to gain the same user rights as the current user. Such access could prove damaging, especially to those with administrative user rights.
This month’s release also addresses two vulnerabilities that deal with elevation of privilege. The last bulletin addresses an issue affecting Microsoft Dynamics AX that can allow denial of service if the vulnerability is exploited.
January 2014 marks one of the last months that Windows XP will receive patches. As previously reported, Microsoft is ending its support of this particular OS on April 2014, a good few months away. Users and enterprises should seriously consider migrating to later versions of Windows to continue receiving patches for vulnerabilities.
Two other tech companies have also released patches and updates. Oracle has rolled out a Critical Patch Update containing 144 new vulnerability fixes for multiple products. Adobe, meanwhile, released fixes for Adobe Flash Player, Adobe Reader, and Adobe Acrobat.
Users are advised to apply these security updates as soon as possible, as well as visit the Trend Micro Threat Encyclopedia page.