The two recent zero-day vulnerabilities in Internet Explorer and the Graphics Rendering Engine found in late December and in early January, respectively, have been addressed by today’s Patch Tuesday release.
This month’s release comprises 12 bulletins, three of which are rated “critical” while the remaining nine are rated “important.” The other bulletins include those that address vulnerabilities in Windows Kernel, Microsoft Visio, Active Directory and Local Security Authority Subsystem Service (LSASS). A cumulative update for Internet Explorer is also provided, which covers two vulnerabilities, including one reported by Trend Micro Threat Solutions Engineer Yuki Chen.
Despite the number of bulletins, Microsoft’s list of notable bugs to patch has yet to be cleared, as the recently found vulnerability in MHTML remains unpatched.
Although no active attacks have been found exploiting the MHTML vulnerability, applying security measures to protect systems from possible exploits is strongly recommended. Users may opt to implement the workarounds that Microsoft has provided. Trend Micro product users are already safe from being victimized by exploits leveraging this specific vulnerability through Deep Security and OfficeScan with the Intrusion Defense Firewall (IDF) plug-in.
Microsoft is not the only one to update their software this patch tuesday, as Adobe also released patches for their products. Security updates were released for Adobe Reader and Acrobat, Adobe Flash Player, and Shockwave Player. All updates were rated as “critical”, and majority of the vulnerabilities may lead to remote code execution. As such, users are strongly advised to apply the patches for their respective software as soon as possible.