December 09 Patch Tuesday: 6 Security Bulletins, 12 Vulnerabilities
As part of the Patch Tuesday program (patches are released every second Tuesday of the month) Microsoft will release 6 security bulletins on the 8th of December. These 6 security bulletins address a total of 12 vulnerabilities that affect the Windows operating system, the Internet Explorer web browser and various products from the Microsoft Office productivity suite.
“For December we are planning to release six new security bulletins addressing 12 vulnerabilities in Windows, Internet Explorer (IE) and Microsoft Office products. Three of the bulletins have a maximum severity rating of Critical and three have a maximum severity rating of Important. To help customers plan for their deployment of these updates, I want to specifically call out that they touch all supported versions of Windows and IE. On the Office side, the bulletins impact Project, Word and Works 8.5. All of the updates for Windows will require a restart so please plan accordingly,” announced Jerry Bryant on behalf of the Microsoft Security Response Center (MSRC).
Here is a more in-depth look at the 6 security bulletins Microsoft will roll out this December:
Bulletin 1 – rated as critical, affects the Windows operating system, leads to remote code execution.
Bulletin 2 – rated as important, affects Windows and Office, leads to remote code execution.
Bulletin 3 - rated as critical, affects the Office productivity suite, leads to remote code execution
Bulletin 4 – rated as critical, affects Windows and IE, leads to remote code execution.
Bulletin 5 – rated as important, affects Windows, leads to denial of service.
Bulletin 6 – rated as important, affects Windows, leads to remote code execution.
It must be said that the December 09 Patch Tuesday will address the recently discovered IE vulnerability that only affects IE6 and IE7 users. Microsoft has already released Security Advisory 977981 to provide more details about the vulnerability. In the security advisory Microsoft explains that IE6 and IE7 are plagued by a critical vulnerability that could lead to remote code execution if exploited by someone with malicious intent. Microsoft also explains that no attacks attempting to exploit this vulnerability have been detected. To stay safe IE6 and IE7 users are advised to disable Active Scripting in the Internet and Local intranet security zones. Or they could just upgrade to IE8.
Additional info about the December 09 Patch Tuesday is available in this Advance Notification.
If you would like to get Internet Explorer 8, you can grab it straight from FindMySoft here.
“For December we are planning to release six new security bulletins addressing 12 vulnerabilities in Windows, Internet Explorer (IE) and Microsoft Office products. Three of the bulletins have a maximum severity rating of Critical and three have a maximum severity rating of Important. To help customers plan for their deployment of these updates, I want to specifically call out that they touch all supported versions of Windows and IE. On the Office side, the bulletins impact Project, Word and Works 8.5. All of the updates for Windows will require a restart so please plan accordingly,” announced Jerry Bryant on behalf of the Microsoft Security Response Center (MSRC).
Here is a more in-depth look at the 6 security bulletins Microsoft will roll out this December:
Bulletin 1 – rated as critical, affects the Windows operating system, leads to remote code execution.
Bulletin 2 – rated as important, affects Windows and Office, leads to remote code execution.
Bulletin 3 - rated as critical, affects the Office productivity suite, leads to remote code execution
Bulletin 4 – rated as critical, affects Windows and IE, leads to remote code execution.
Bulletin 5 – rated as important, affects Windows, leads to denial of service.
Bulletin 6 – rated as important, affects Windows, leads to remote code execution.
It must be said that the December 09 Patch Tuesday will address the recently discovered IE vulnerability that only affects IE6 and IE7 users. Microsoft has already released Security Advisory 977981 to provide more details about the vulnerability. In the security advisory Microsoft explains that IE6 and IE7 are plagued by a critical vulnerability that could lead to remote code execution if exploited by someone with malicious intent. Microsoft also explains that no attacks attempting to exploit this vulnerability have been detected. To stay safe IE6 and IE7 users are advised to disable Active Scripting in the Internet and Local intranet security zones. Or they could just upgrade to IE8.
Additional info about the December 09 Patch Tuesday is available in this Advance Notification.
If you would like to get Internet Explorer 8, you can grab it straight from FindMySoft here.
