Last Patch Tuesday of the Year Fixes 20 Vulnerabilities
Tuesday, the 13th of December, is December 2011 Patch Tuesday, the last Patch Tuesday of the year. This December Microsoft will release a total of 14 security bulletins to its customers. The aforementioned bulletins are meant to fix a grand total of 20 security vulnerabilities that plague the Windows operating system, the Office productivity suite, the Internet Explorer web browser, the Windows Media Player, and Microsoft Publisher.
Out of the 14 bulletins mentioned above, 3 are rated as critical and the remaining 8 are rated as important. The critical rating is the most severe rating used by Microsoft. The company uses the critical rating when it deals with a vulnerability whose exploitation could allow the propagation of an Internet worm without user action.
And speaking about rating, let’s put the spotlight on the important rating as well. It is the second most severe rating after critical. Microsoft uses this rating when it deals with a vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources.
As part of the Patch Tuesday program, Microsoft releases patches for its products every second Tuesday of the month. This means that the 14 security bulletins mentioned above will be released today – Microsoft releases them at about 10AM PST. So we’re still a few hours away.
Before every Patch Tuesday, Microsoft releases an advance notification – the advance notification for December 2011 Patch Tuesday is available here. Right now it doesn’t provide a lot of info on the bulletins Microsoft will release. But after they bulletins are out, the advance notification will be updated with more info on the bulletins.
“As always, we recommend that customers review the ANS summary page for more information and prepare for the testing and deployment of these bulletins as soon as possible,” says Angela Gunn, Trustworthy Computing, Microsoft Security Response Center.
UPDATE: Microsoft released 13 instead of 14 security bulletins. A risk assessment is availalbe here.
Out of the 14 bulletins mentioned above, 3 are rated as critical and the remaining 8 are rated as important. The critical rating is the most severe rating used by Microsoft. The company uses the critical rating when it deals with a vulnerability whose exploitation could allow the propagation of an Internet worm without user action.
And speaking about rating, let’s put the spotlight on the important rating as well. It is the second most severe rating after critical. Microsoft uses this rating when it deals with a vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources.
As part of the Patch Tuesday program, Microsoft releases patches for its products every second Tuesday of the month. This means that the 14 security bulletins mentioned above will be released today – Microsoft releases them at about 10AM PST. So we’re still a few hours away.
Before every Patch Tuesday, Microsoft releases an advance notification – the advance notification for December 2011 Patch Tuesday is available here. Right now it doesn’t provide a lot of info on the bulletins Microsoft will release. But after they bulletins are out, the advance notification will be updated with more info on the bulletins.
“As always, we recommend that customers review the ANS summary page for more information and prepare for the testing and deployment of these bulletins as soon as possible,” says Angela Gunn, Trustworthy Computing, Microsoft Security Response Center.
UPDATE: Microsoft released 13 instead of 14 security bulletins. A risk assessment is availalbe here.
