Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Microsoft Advance Notification for December 2012

Next week is Patch Tuesday, so this week we get the advancenotification for the last updates Microsoft will issue this year. Of coursethat assumes there will be no unforeseen zero-day release between now and then.

This month it looks we have just seven total bulletins withfive of those rated critical and two rated as important. Six out of the seven will result in RemoteCode Execution, which is about as bad as bad gets. The last one deals withsomething Microsoft is calling a 'Security Feature Bypass' and is only inWindows Server 2008 and 2012. Despite being only rated as important that one islooking very interesting this month.

Right off the bat Bulletin 1 looks to be extremely nastyallowing Remote Code Execution in Internet Explorer 6, 7, 8, 9, and 10.Including the version of IE on that shiny new MS Surface running Windows RT.Which makes it the second patch in as many months for Microsoft's new gadget.

Critical Bulletin 3 will impact several versions ofMicrosoft Word and SharePoint Server. Critical Bulletin 4 will impact Exchange Server 2007 and 2010. Not sure if installation of Bulletin 4 willrequire a reboot or not but you might want to go ahead and schedule one anyway just in case.

The other bulletins are all desktop and server OS related.

Next week we will have all the details and the full breakdown for of all the patches this month.

Recent SpiderLabs Blog Posts