Windows RT joins the Patch Tuesday party

News 11 Dec, 2012

ARM-based Microsoft operating system gets bug fix.

Microsoft Surface tablet owners will receive a second round of patches in two months to fix flaws in the operating system.

The fixes come alongside other patches to remedy vulnerabilities in other Microsoft products, including its desktop and server offerings as well as Internet Explorer.

Two of the patches for Windows RT are rated as "critical". One affects Internet Explorer 10 on Windows RT and the other is associated with the OS itself.

The IE flaw on Windows RT affects all versions of the browser from 6 to 10.

Alex Horan, senior product manager at security firm CORE Security, said hackers would be attracted to this flaw.

"This is a good one, a client side for Windows 7 and 8. A very attractive exploit to attackers to have," he said.

Other flaws have been flagged up for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 and Windows Server 2012.

Horan said the worst flaw in this month's Patch Tuesday was one that affected Microsoft Exchange.

"Wowser, a critical vulnerability in Exchange 2007 SP3 and 2010 SP1 and 2 - internet facing servers with remote code execution vulnerability, and email servers," said Horan.

"You don't just randomly turn off email servers without generating howls of protest from your company to fix this one. This is my number one vulnerability in the bunch."

Another notable vulnerability is one that affects Microsoft Word and allows remote code execution.

According to Paul Henry, forensics and security expert at Lumension, this flaw is similar to one covered in a bulletin issued a few months ago.

"There's an issue with RTF formatted data that can be parsed in the Outlook Preview Pane, executing the vulnerability. Because of that, this will be very important to apply quickly," he said.

Organisations have been urged to update systems as soon as possible.