Large December Security Patch Released by Microsoft

Of 13 items in release, 3 address remote code execution flaws.

December's security update fixes 13 items within Microsoft products, including Windows, Office, and Internet Explorer.

Microsoft described three items as "critical" to patch since they are associated with remote code execution flaws found in Windows. The remaining items have been deemed "important," addressing holes in Office, Windows and Internet Explorer.

Full details are described in the Microsoft Security Bulletin Summary for December 2011. Here are the highlights in this month's security patch release.

Critical Releases:

  • MS11-087: Fixes a remote code vulnerability in the Windows kernel; problem occurs if users open a harmful document or visits a Web site containing TrueType font files.
  • MS11-090: This "critical" fix updates ActiveX to fix a privately reported flaw in Internet Explorer. An attacker trigger a remote code execution attack if user, working in IE, visits a harmful Web site with specific, harmful binary code.
  • MS11-092:  The final critical item corrects a remote code execution flaw in the Windows Media Player and Windows Media Center; the vulnerability exposes a user to an attack when a corrupted Microsoft Digital Video Recording (.DVR-MS) file is opened.

Important Releases:

  • MS11-088: Update closes a hole in the Microsoft Office Input Method Editor (IME) for the Simplified Chinese language that could lead to an elevation in privilege. An attacker must run corrupted code in kernel mode on systems where the Microsoft Pinyin IME for Simplified Chinese is installed.
  • MS11-089: This fix tackles a remote code execution flaw in Microsoft Office which is enabled with a specially crafted Word file; the error could give an attacker access to the victim's log-on rights. The flaw is considered a smaller risk in enterprises where fewer users have administrative rights.
  • MS11-091: This important entry fixes a remote code execution flaw in Microsoft Publisher. A user's computer could be taken over if a specially crafted Publisher file is downloaded and opened.
  • MS11-093: Fixes a vulnerability in Windows XP and Windows Server 2003, this prevents a remote code execution action when a file with a harmful OLE object is opened.
  • MS11-094: Addresses a remote code execution flaw that occurs when a user opens an infected PowerPoint file.
  • MS11-095: An Active Directory fix corrects a remote code execution issue that could occur if a specially crafted application is executed when logged onto the Active Directory domain.
  • MS11-096: A remote code execution problem exploit occurs when a user opens a harmful Microsoft Excel file.
  • MS11-097: Fixes an elevation of privilege issue in the Windows Client/Server Run-time Subsystem; the fix prevents attackers from logging onto a system and running a harmful application aimed at sending "a device event message to a higher-integrity process."  
  • MS11-098: Closes a hole that elevate privileges if a rogue application is run that exploits a specific error in the Windows kernel.
  • MS11-099: Microsoft calls this a "cumulative security update" for Internet Explorer. Left unfixed, a remote code execution attack could be deployed if an HTML file is opened in the same directory as a corrupted DLL file.

Joshua Talbot, security intelligence manager with Symantec Security Response advises administrators to put IE lower on their to do list.  "We typically put Internet Explorer cumulative updates pretty high on our priority list," Talbot said in a prepared statement, ."but this month none of the IE vulnerabilities [is a] particularly high-impact [issue]. They're still important, but we suggest prioritizing quite a few of the other bulletins ahead of them."

He suggests tackling the Windows Media player issue first (bulletin MS11-092) due to the relative ease in which the flaw might be exploited.

A system restart may be required for all bulletins, according to Microsoft.

comments powered by Disqus