Microsoft Going Critical on Tuesday

Microsoft is getting ready for its final patch Tuesday of the year with two critically rated fixes up its sleeve.

The company’s December Security Bulletin Advance Notification does not provide any additional details about the two issues that will be patched this coming Tuesday.

The critical patch is expected to address an exploitable flaw in Internet Explorer (IE).

The flaw involves a potential cross-scripting issue that could trigger a Denial-of-Service (DoS) (define) attack by way of a JavaScript onload event that calls the window function.

The flaw itself is not new, having already been reported some six months ago. Proof-of-exploit code emerged in November from security firm Computer Terrorism, which proved that the vulnerability could indeed be exploited.

Microsoft issued a security advisory soon thereafter to inform end users about the issue.

November’s patch Tuesday also included a patch that Microsoft had labeled “critical” as well. That patch fixed a flaw in the Windows rendering engine.

This article was first published on

Sean Michael Kerner
Sean Michael Kerner
Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

Top Products

Related articles