Microsoft delivers Flash fix in Patch Tuesday package

Microsoft has released an update to address 12 vulnerabilities as well as a fix for Adobe Flash Player components in its latest security update.

The company said that the December edition of Patch Tuesday, the last scheduled security release of the year for Microsoft, would include seven total bulletins. Five of the bulletins have been rated as critical, while two are considered to be lowqer level "important" security risks.

Microsoft is advising administrators to prioritise the testing and deployment of two of the most severe bulletins to protect users from attack. The bulletins, which patch flaws in Internet Explorer and Microsoft word, address conditions which, if executed could allow an attacker to remotely execute code on a targeted system without user permission or notification.

Other vulnerabilities patched in the December update include fixes for flaws in Windows and Exchange server. Risks include remote code execution and the ability to bypass Windows security protections.

Microsoft also moved to address possible security flaws in the way Internet Explorer handles the Adobe Flash Player plug-in. The cumulative update will address Flash libraries to patch holes in IE 10 for Windows 8, Windows RT and Windows Server 2012 systems.

Marc Maiffret, chief technology officer with security firm BeyondTrust, pointed out the increasing role Windows RT is playing in the update cycle. In addition to patching Windows PC and Server systems, administrators will need to make sure that Windows RT tablets stay up-to-date with security fixes.

"Don’t forget that when you’re doing your holiday shopping, be sure to consider that the new ARM-based tablets running Windows RT are not immune to vulnerabilities," Maiffret said.

"This month marks the third bulletin being released to patch vulnerabilities in RT, fixing the fourth vulnerability since its release."