Avecto analyzed data from security bulletins issued by Microsoft throughout 2013 and concluded that 92% of all vulnerabilities reported by Microsoft with a critical severity rating can be mitigated by removing admin rights.
An Internet Explorer zero-day vulnerability (CVE-2014-0322) is actively exploited in the wild in a watering-hole attack targeting visitors to the official website of the U.S.
At first take, it looked like Microsoft would continue the 2014 trend of keeping patch Tuesday relatively light.
The website of popular Swedish tabloid Aftonbladet has been compromised to redirect visitors to a website sporting bogus infection warnings in order to trick them into buying a fake AV solution.
When compared with the numbers from the previous year, 2013 has seen an increase in reported security vulnerabilities and, what's more, the number of critical vulnerabilities has also risen - although it's considerably smaller than in 2009.