MS Patch Tuesday heads-up: 17 bulletins, 40 vulnerabilities


Microsoft is planning another massive Patch Tuesday this month: 17 bulletins with fixes for 40 security vulnerabilities.

The December batch of patches will cover security holes in Microsoft Windows, Office, Internet Explorer, SharePoint and Exchange, according to an advance notice posted Thursday.

Of the 17, Microsoft said two bulletins will be rated "critical," the company's highest severity rating. Of the remainder, 14 will be rated "important."


All versions of the Windows operating system are affected, including the newest Windows 7 and Windows Server 2008 R2.

Microsoft said it will also patch the last of the vulnerabilities used in the infamous Stuxnet malware attack. The last outstanding Stuxnet bug is an elevation of privilege flaw in the Windows Task Scheduler. Exploit code for this vulnerability is public and works against systems running Windows Vista, Windows 7 and Windows Server 2008.

A separate vulnerability in the Internet Explorer browser will also be addressed this month (see advisory).

This month's updates will bring the total bulletins for this year to 106, the most ever.

The MSRC blog offers an explanation for this:

This is partly due to vulnerability reports in Microsoft products increasing slightly, as indicated by our latest Security Intelligence Report. This isn't really surprising when you think about product life cycles and the nature of vulnerability research. Microsoft supports products for up to ten years. (One of our most popular operating systems from the turn of the century, XP SP2, reached its end-of-support life in mid-2010, in fact.) Vulnerability research methodologies, on the other hand, change and improve constantly. Older products meeting newer attack methods, coupled with overall growth in the vulnerability marketplace, result in more vulnerability reports. Meanwhile, the percentage of vulnerabilities reported to us cooperatively continues to remain high at around 80 percent; in other words, for most vulnerabilities we're able to release a comprehensive security update before the issue is broadly known.


Talkback

22 comments
  • RE: MS Patch Tuesday heads-up: 17 bulletins, 40 vulnerabilities

    Not bad, not bad at all. Let's hope everyone gets around to updating. The home users I'm not worried about because they have automatic updates enabled by default and won't change that. But the corporate users as well as the SOHO people, that is where the problem of these vulnerabilities lies.

    One last thing, so long stuxnet, we hardly knew ya. Again, Microsoft turns the hackers upside down.
    Loverock Davidson
    • RE: MS Patch Tuesday heads-up: 17 bulletins, 40 vulnerabilities

      @Loverock Davidson
      Until new vulnerabilities are discovered and the hackers find ways to manipulate them to their advantage worse than what Stuxnet did.
      Myoga-
      • RE: MS Patch Tuesday heads-up: 17 bulletins, 40 vulnerabilities

        @Myoga-
        Although true, the same can be said for every OS that receives inputs from the outside world via LAN, WiFi, USB, CD/DVD/Blu-ray, floppy disk, FireWire, Bluetooth or any other method you can think of communicating with any device/hardware that has touched any other system, in theory even mouse and keyboard.
        Cyrorm
      • RE: MS Patch Tuesday heads-up: 17 bulletins, 40 vulnerabilities

        @Myoga-
        Agree
        Alan (aka Loverock) likes to sugar coat everything Microsoft, no money otherwise.
        daikon
      • RE: MS Patch Tuesday heads-up: 17 bulletins, 40 vulnerabilities

        @Myoga-
        True, but it's getting harder, MUCH harder for them to do that. Nowadays a user has to go out of his way to be able to get such malware installed.
        Loverock Davidson
      • Oh give it a rest.

        @daikon: "Alan (aka Loverock) likes to sugar coat everything Microsoft, no money otherwise."
        Do you think anyone buys this or that it makes your argument stronger? Please tell me you're not that stupid.
        ye
      • Give what a rest

        @YE
        It's not an argument, it's fact. Your point is what?
        I know a man named ye from Korea, is this Mr. Ye?
        (Me-un-hum-me-da)
        daikon
      • So the answer is...yes, you are that stupid.

        @daikon: Why am I not surprised to learn this?
        ye
      • RE: MS Patch Tuesday heads-up: 17 bulletins, 40 vulnerabilities

        @YE
        Acting like a kid now, grow up.
        daikon
      • Yes, you certainly are.

        @daikon: "Acting like a kid now, grow up."

        And yes, you should.
        ye
    • How many critical updates does it require

      To qualify for the ZDNet "gaping security holes" regularly applied to Apple security bulletins? ;-)
      Richard Flude
      • RE: MS Patch Tuesday heads-up: 17 bulletins, 40 vulnerabilities

        @Richard Flude
        Ok I'll amuse you. What does this have to do with Apple?
        Loverock Davidson
      • @Loverock: yup, why do they bring up Apple in every discussion

        So annoying.
        NonZealot
      • RE: MS Patch Tuesday heads-up: 17 bulletins, 40 vulnerabilities

        @NonZealot
        I have no idea why they do.
        Loverock Davidson
    • RE: MS Patch Tuesday heads-up: 17 bulletins, 40 vulnerabilities

      @Loverock Davidson

      Only Kraft's swiss cheese has more holes than a MS OS.
      Over and Out
  • RE: MS Patch Tuesday heads-up: 17 bulletins, 40 vulnerabilities

    I think the Microsoft gorilla marketers have destroyed this ZDNet site. They are the only ones still posting here. I hardly ever come here anymore because of these posts.
    gertruded
    • RE: MS Patch Tuesday heads-up: 17 bulletins, 40 vulnerabilities

      @gertruded Gotta agree, and I'm a Microsofty. The number of intelligent posts took a nosedive around the time they did the site makeover. The posters with something to say left shortly thereafter. What a shame.
      ejhonda
    • Thank God!

      @gertruded: "I hardly ever come here anymore because of these posts."

      You haven't been missed.
      ye
      • Guilty?

        "You haven't been missed."

        Sounds like you're one of the ones he was talking about.
        search & destroy
  • RE: MS Patch Tuesday heads-up: 17 bulletins, 40 vulnerabilities

    Oh boy, I thought windoze 7 was supposed to fix all this!

    (un)awesome!!
    search & destroy