Microsoft's December Security Patch Laden with 13 Bulletins
December's security update arrived with 13 bulletins covering Windows, Office and Internet Explorer. The good news is that only three are rated "critical," all of them remote code execution flaws in Windows components. The remaining ten "important" bulletins address holes in Office, Windows and Internet Explorer.
Full details are described in the Microsoft Security Bulletin Summary for December 2011. Here are the highlights in this month's security patch rollup:
- MS11-087: The first critical item fixes a vulnerability in the way the Windows kernel-mode drivers parse TrueType fonts. It could lead to remote code execution if a user opens a malicious document or visits a Web page that embeds specially crafted TrueType font files; because the parsing happens in kernel mode, a successful exploit runs with kernel privileges.
- MS11-090: The second of the three critical bulletins fixes a privately reported flaw in the Windows Time ActiveX control (the "Time behavior") that Internet Explorer can load. An attacker can achieve remote code execution if an IE user visits a specially crafted Web page that invokes a specially crafted binary behavior.
- MS11-092: The final critical item takes care of a remote code execution flaw in Windows Media Player and Windows Media Center. A user is exposed when a specially crafted Microsoft Digital Video Recording (.DVR-MS) file is opened.
- MS11-088: This important bulletin closes an elevation of privilege hole in the Microsoft Office Input Method Editor (IME) for Simplified Chinese. An attacker who exploited it could run arbitrary code in kernel mode, but only systems with the Microsoft Pinyin IME for Simplified Chinese installed are affected, and the attacker needs a logged-on session on the machine first.
- MS11-089: Here is another important item, this time addressing a remote code execution flaw in Microsoft Office. The vulnerability is triggered by a specially crafted Word file, which could let an attacker run code with the rights of the logged-on user. Users whose accounts have fewer rights on the system would be less affected than those running with administrative rights.
- MS11-091: This important entry fixes a remote code execution flaw in Microsoft Publisher. If a user downloads and opens a specially crafted Publisher file, an attacker could take complete control of the machine.
- MS11-093: Targeted at Windows XP and Windows Server 2003, this important bulletin patches an issue in OLE that could lead to remote code execution if a file containing a specially crafted OLE object is opened.
- MS11-094: As with the majority of this month's items, this important bulletin also fixes a remote code execution flaw. This time, the problem occurs when a specially crafted PowerPoint file is opened by an unsuspecting user.
- MS11-095: This important Active Directory fix (it also covers Active Directory Application Mode and Active Directory Lightweight Directory Services) deals with a remote code execution issue that an attacker could trigger by logging on to an Active Directory domain and running a specially crafted application.
- MS11-096: The next important remote code execution fix deals with a flaw in Microsoft Excel that, if left unpatched, could be exploited if a specially crafted Excel file is opened.
- MS11-097: This important bulletin fixes an elevation of privilege issue in the Windows Client/Server Run-time Subsystem (CSRSS). An attacker who logs on to a system could run a specially crafted application that sends "a device event message to a higher-integrity process" and thereby gain elevated privileges.
- MS11-098: As with the last item, this important bulletin fixes a hole that could lead to elevation of privilege if a logged-on attacker runs a specially crafted application that triggers a specific error in the Windows kernel.
- MS11-099: The final entry for the month is another important item, a cumulative security update for Internet Explorer. If unfixed, an attacker could gain remote code execution by getting a user to open a legitimate HTML file located in the same network directory as a specially crafted DLL file, which IE then loads in place of the intended library.
Thirteen updates may sound like a daunting task for busy IT pros. However, Joshua Talbot, security intelligence manager with Symantec Security Response, has some advice on prioritizing the bulletins: put Internet Explorer further down the list this time.
"We typically put Internet Explorer cumulative updates pretty high on our priority list," Talbot said in a released statement. "But this month none of the IE vulnerabilities are particularly high impact issues. They're still important, but we suggest prioritizing quite a few of the other bulletins ahead of them."
He suggests tackling the Windows Media Player issue first (bulletin MS11-092) because of the relative ease with which the flaw might be exploited.
A system restart may be required for all bulletins, according to Microsoft.