Next Tuesday, December 14, Microsoft will release 17 security bulletins and updates to address the 40 vulnerabilities disclosed in them.
Only 2 of the updates have a maximum rating of Critical, with 14 maxing out at Important and one at Moderate. This doesn’t mean that there are only 2 Critical vulnerabilities; in fact, as many as 25 could be critical. We won’t know those numbers, nor the full extent of the vulnerabilities, until Tuesday. The critical vulnerabilities affect various versions of Windows and Internet Explorer.
Among the bugs fixed will be the last of the Stuxnet zero-day vulnerabilities, a local privilege elevation attack which they say has not been seen in the wild outside of Stuxnet.The Internet Explorer fix appears to be the one publicly disclosed last month.
13 of the bulletins, including both Critical ones, affect Internet Explorer and all versions of Windows. Two Important bulletins affect Microsoft Office, another SharePoint Server 2007, and the final one affects x64-based Exchange Server 2007 Service Pack 2 and is rated Moderate.
There will also be several non-security updates on Tuesday including one for clock issues and issues caused by revised daylight saving time and time zone laws in several countries. There will also be the usual updates to the Malicious Software Removal Tool and Windows Mail Junk Filter.
In an entry on the MSRC (Microsoft Security Response Center) blog, MSRC Director Mike Reavey does a post-mortem on updates in 2010. The total for the year (unless it changes before Tuesday, which wouldn’t be unprecedented) is 106. This is up some over previous years. Reavey attributes this to increased outside reporting, which mostly means that there’s money to be made in bug bounty programs from TippingPoint, iDefense and the like.
– on Security Watch
Related Posts
- Many Updates on Patch Tuesday
Just as announced Friday last week, Microsoft released 17 security bulletins and according updates, fixing overall more than 60 security vulnerabilities in Windows, Internet Explorer, Office and the D... - Patch Tuesday Updates Fix Critical Flaws in IE, DirectShow
Microsoft's Patch Tuesday for June 2010 is here. Microsoft released a total of 10 new security bulletins, addressing 34 separate vulnerabilities, including critical flaws in DirectShow and the Interne... - Patch Now: 10 Updates for June Patch Tuesday
After a relatively quiet May with only two security bulletins, Microsoft comes out with 10 security bulletins in June’s Patch Tuesday release. Three of these were rated “critical,” which means these ... - Two updates expected on Patch Tuesday next week
Microsoft has said it will push two security bulletins on Patch Tuesday next week.Both are rated “critical” and fix vulnerabilities that could allow remote execution of arbitrary code. One will fix vu... - 64 Vulnerabilities Fixed by April Patch Tuesday
Compared with last month’s three security bulletins, Microsoft released a record-breaking 17 security bulletins to address 64 publicly disclosed vulnerabilities. This month’s release inclu... - April 2011 Patch Tuesday
Once again, this day of every month is the scheduled release of updates from Microsoft. April 2011 Patch Tuesday from Microsoft contains 17 security bulletins (covering 64 vulnerabilities) 9 of the is... - Patch Tuesday
Microsoft has issued 12 security bulletins making fixes in Windows, Office and Internet explorer.
MS11-003 -- Cumulative Security Update for Internet Explorer
Critical (Remote Code Execution)
Micro... - Adobe Patch Tuesday
Adobe has issued patches to fix a number of vulnerabilities in:
-- Adobe Reader X (10.0) for Windows and Macintosh;
-- Adobe Reader 9.4.1 (and earlier) for Windows, Macintosh and UNIX
-- Adobe Acro... - SSCC47- Now with transcript! Patch Tuesday, HBGary, Nasdaq hack, RBS WorldPay hacker and Pwn2Own
Michael Argast is my guest on this weeks Chet Chat as we discuss the weeks news you can use.
I have transcribed this episode (by hand) for the hearing impaired and those of you who prefer text to aud... - Patch Tuesday for February 2011 – Adobe and Microsoft
As expected, today Microsoft and Adobe published updates for Windows, Internet Explorer, Windows FTP service, Visio, Flash Player, Shockwave Player, Reader, Acrobat and ColdFusion.
Microsoft published...
Posted on 12 December 2010. Tags: Heavy, NonCritical, Patch, Tuesday, Updates
