Microsoft Advance Notification for December 2014

Microsoft will publish the last scheduled security release of the year on Tuesday, December 9th. This patch Tuesday release will include three bulletins rated "Critical" and four bulletins rated as "Important". Internet Explorer, Office, Exchange, and Windows will all be affected by the release.

For the eleventh time this year, Internet Explorer will be patched for security vulnerabilities. It appears that many of these weaknesses are being discovered through automatic "fuzzing" techniques, which can often result in multiple vulnerability discoveries. Several of the CVEs included in this bulletin are "Critical" and the most severe are likely to be memory corruption vulnerabilities. Internet Explorer users will absolutely want to patch these vulnerabilities as soon as possible to have a more secure surfing the web experience.

This security update will be light compared to the previous patch Tuesday. None of the CVEs included in this release are exploited in the wild at the moment. Also, it's not likely there will be a vulnerability as nasty as the Schannel Remote Code Execution vulnerability (MS14-066) from last month. This doesn't mean that this update should be skipped or delayed. All of these updates can be applied by ensuring that Automatic Updates is turned on so that these will be downloaded as soon as they become available. Once these updates are installed, a restart is required for these security updates to applied.

For a complete run-down of the December Microsoft security bulletins, please come back next Tuesday, December 9th. We'll see you then!

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.