<p>Microsoft is repairing a critical vulnerability being actively used in zero-day attacks against its core graphics engine, but engineers are still working on a fix to a second known flaw in its Windows XP operating system.</p><p>A patch for the kernel-level graphical device interface was part of the company's December 2013 Patch Tuesday security updates. The Redmond, Wash.-based software maker repaired 24 flaws across its product line, releasing 11 bulletins this month, including five rated critical that address serious flaws in Internet Explorer, Windows, Microsoft Exchange and Microsoft Office.</p><p>The company issued an advisory in November acknowledging ongoing zero-day attacks targeting an error in the way Windows handles TIFF graphics files. The threat impacts users of Microsoft Office 2003 through 2010 as well as all supported versions of Microsoft Lync running on Windows XP, Windows Vista and Windows 7.</p><p>[Related: Top 5 Zero-Day Threats Of 2013]</p><p><a href="http://www.crn.com/news/security/240164626/patch-tuesday-microsoft-fixes-critical-zero-day-flaw-issues-browser-update.htm">Keep reading...</a></p><p>Read also:</p><p><a href="http://securitywatch.pcmag.com/software-patches/318761-microsoft-fixes-tiff-zero-day-in-december-patch-tuesday">Microsoft Fixes TIFF Zero-Day in December Patch Tuesday</a> (PC Magazine)</p><p><a href="http://www.gmanetwork.com/news/story/338975/scitech/technology/microsoft-wraps-up-2013-with-a-boatload-of-software-patches">Microsoft wraps up 2013 with a boatload of software patches</a> (GMA News)</p><p><a href="http://www.networkworld.com/community/blog/last-patch-tuesday-2013-fixes-5-critical-remote-code-execution-flaws">Last Patch Tuesday of 2013 fixes 5 critical remote code execution flaws</a> (Network World (blog))</p><p>Explore: <a href="http://news.google.com/news/more?ncl=dAIfOXgnBt7JwKMqUjzC549UByU4M&ned=us">181 additional articles.</a></p>