
Microsoft wraps year with big security update


Microsoft is giving its customers a reassuring present for the holidays: a substantial security update that addresses 40 vulnerabilities across 17 bulletins in Microsoft Windows, Office, and Internet Explorer, along with server-based systems like SharePoint Server and Exchange. Among the fixes are five critical and two moderate patches for all versions of Internet Explorer, including a fix for a bug that could enable attackers to execute arbitrary code using invalid flag references in Cascading Style Sheets (CSS) used to specify how Web pages should be displayed.

The update also fixes a critical problem with Windows’ OpenType Font driver and patches the last known vulnerability being exploited by the infamous Stuxnet malware.

Microsoft first warned users about the CSS vulnerability in Internet Explorer in early November; although the problem applies to Internet Explorer 6, 7, and 8, Microsoft says IE6 and IE7 users saw the most impact. Other security fixes in Internet Explorer close holes that could enable attackers to take over a computer when a user simply loads a malicious Web site. Although the CSS vulnerability has been used in the wild, Microsoft says it’s not aware of any real-world attacks that exploited the other vulnerabilities. Similarly, Microsoft does not know of any cases where the OpenType vulnerability was exploited.

The sizable security update follows a comparatively sedate November, which consisted of only three patches. Security experts are concerned that consumers and businesses, distracted by the end-of-year holidays, may defer installing Microsoft’s latest round of patches, which not only fixes more problems but also addresses at least one major vulnerability that is out there in the wild.


Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…