Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Journal SkiifGeek's Journal: Microsoft's December Patches

Coming as somewhat of a surprise, Microsoft released seven patches with their December Security Patch Update. Even though most patches were only rated as Important, almost all patches do have an arbitrary code execution component for at least some end users. This will raise the criticality of some patches to Critical for those specific users. The unexpected patch was for the Windows Media Format, though there is some outstanding dispute over the actual criticality of the affected components and the extent / availability of public exploit code.

Proof of concept code has been made available for at least one of the recent arbitrary code execution vulnerabilities associated with Microsoft Word (there are at least two), and the ISC has identified that Microsoft Office (Mac) was updated quietly today as well, including at least one security fix in the update.

Detailed vulnerability reports and exploit code are starting to surface for the patched vulnerabilities, as well as what appears to be opportunistic attacks by unrelated attackers (according to the ISC there is a massive spike in attacks exploiting an historic Symantec Antivirus vulnerability).

This discussion has been archived. No new comments can be posted.

Microsoft's December Patches

Comments Filter:

Like punning, programming is a play on words.