A flaw in Microsoft’s Word processor ranges among the top problems covered by December’s Patch Tuesday fixes, closing a hole that permits running malevolent code on targeted machines regardless of whether users open the infected file.
This and 4 additional patches that are marked ‘critical’ this patch Tuesday.
“In this case we assume the ‘critical’ rating comes from Outlook, which can be configured to use Word to visualize documents in its preview pane,” says Qualys CTO Wolfgang Kandek. “This is an automatic mechanism that does not require user interaction. In any case, this will be an important bulletin to watch out for.”
The patch is rated as Important for Word 2003 SP3 and critical for Word 2007 SP2 & 3 and Word 2010 SP1.
Another notable patch is a problem that is effecting IE6 through 10 which allows attackers to remotely execute code on a victims computer. You can read about all of the patches this Tuesday: HERE.