SkiifGeek's Journal: Microsoft's December Patches

Coming as somewhat of a surprise, Microsoft released seven patches with their December Security Patch Update. Even though most patches were only rated as Important, almost all patches do have an arbitrary code execution component for at least some end users. This will raise the criticality of some patches to Critical for those specific users. The unexpected patch was for the Windows Media Format, though there is some outstanding dispute over the actual criticality of the affected components and the extent / availability of public exploit code.

Proof of concept code has been made available for at least one of the recent arbitrary code execution vulnerabilities associated with Microsoft Word (there are at least two), and the ISC has identified that Microsoft Office (Mac) was updated quietly today as well, including at least one security fix in the update.

Detailed vulnerability reports and exploit code are starting to surface for the patched vulnerabilities, as well as what appears to be opportunistic attacks by unrelated attackers (according to the ISC there is a massive spike in attacks exploiting an historic Symantec Antivirus vulnerability).