Share this article
Improve this guide
Latest news
With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low
Copilot in Outlook will generate personalized themes for you to customize the app
Microsoft will raise the price of its 365 Suite to include AI capabilities
Death Stranding Director’s Cut is now Xbox X|S at a huge discount
Outlook will let users create custom account icons so they can tell their accounts apart easier
Microsoft’s Final Security Update of the Year Fixes IE, Word and Office Web Apps
2 min. read
Updated onOctober 4, 2023
updated onOctober 4, 2023
Share this article
Improve this guide
Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more
Microsoft has launched the last security patch for this year, fixing a number of critical vulnerabilities in Internet Explorer, Word and Office Web Apps.Since the tech giant doesn’t release these security improvements for nothing, it is recommended that users get the new updates as soon as possible in order to avoid any possible attacks from malicious software.
Microsoft has patched fourteen vulnerabilities in Internet Explorer. The most important involved remote code execution that allowed the attacker to gain user rights. This was done through a specially developed webpage that incorporated the malicious software.
“The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.”, the official bulletin summary informs.
Secondly,a malicious software that had the same modus operandi like the Internet Explorer thread, was also lurking in the dark for Word and Office Web Apps users. The malicious code was incorporated into a Word / Office document.
“The vulnerabilities could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Word file in an affected version of Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
The remote code execution bug also targeted the VBScript scripting engine and users got infested in the same old fashioned manner. They visited a specially crafted website and the system got infected.
Thirdly, Adobe Flash Player has been incorporated into Internet Explorer together with a new version that fixes major vulnerabilities. In order to install the new flash player, the browser has to be rebooted. This also means that Windows Update now delivers the patches for the flash player.
These are the most important security updates for December. For more information about the vulnerabilities patched this month, go toMicrosoft’s page.
READ ALSO:KB3002339 Update Causes Problems for Windows 7 and 8.1 Users
More about the topics:Internet Explorer Issues,microsoft,office
Madalina Dinita
Networking & Security Specialist
Madalina has been a Windows fan ever since she got her hands on her first Windows XP computer.
She is interested in all things technology, especially emerging technologies – AI and DNA computing in particular.
Prior to joining the WindowsReport team, she worked in the corporate world for a number of years.
User forum
0 messages
Sort by:LatestOldestMost Votes
Comment*
Name*
Email*
Commenting as.Not you?
Save information for future comments
Comment
Δ
Madalina Dinita
Networking & Security Specialist
Madalina is a Windows fan since forever, especially interested in AI, emerging technologies, privacy, and security.
