It's Microsoft Patch Tuesday: December 2011

Justin James gathers the information you need to make the right deploy decision when applying Microsoft's December 2011 patches in your organization.

Not only was December a rough month for the patch count (how many more Office file exploits do we need to deal with this year?), but I took a look back at the years 2008 through 2010, and 2010 had only a few more security bulletins than 2011, and 2008 and 2009 had much fewer (around thirty less). Quite frankly, a 40% or even almost 50% increase in bulletins is just not acceptable. By my rough guesstimations, around 30% - 40% of this month's patches have to do with Office.

Happy holidays to all!

This blog post is also available in PDF format in a TechRepublic download. Falling behind on your patch deployments, catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

MS11-087/KB2639417 - Critical (XP, Vista, W7, 2003, 2008, 2008R2): This patch fixes an issue with TrueType font handling that could allow remote code execution attacks. Not only can this be triggered through documents but also Web pages, so you should install the patch immediately. Warning: there are known issues with this patch, and one of them indicates that Office won't be able to generate PDFs anymore, as will a number of other applications! MS11-088/KB2652016 - Important (Office 2010): If you use the Chinese version of Office or the Pinyin input system, there is a way to use it to escalate privileges. You should install this patch if you use these Office products. MS11-089/KB2590602 - Important (Office 2007, Office 2010, Office for Mac 2011): Opening a Word document can lead to remote code execution attacks with the logged-on user's privileges. Because of the commonality of Word documents, I suggest that you treat this as critical and install the patch as soon as you can. MS11-090/KB2618451 - Critical (XP, 2003): This is a cumulative update for the ActiveX Kill Bits system. Install it when you normally would. MS11-091/KB2607702 - Important (Office 2003, Office 2007): Microsoft Publisher files can be used to exploit a remote code execution vulnerability, and this patch closes the hole. If you use Publisher, install this patch. MS11-092/KB2648048 - Critical (XP, Vista, W7): The Windows Media Player and Media Center applications are vulnerable to remote code execution attacks when opening up Microsoft Digital Video Recording files. You should install this patch as soon as you can. MS11-093/KB2624667 - Important (XP, 2003): Attacks can be made with the OLE system to perform remote code execution attacks. Since OLE is easily done with Office files, I suggest that you install this patch immediately. MS11-094/KB2639142 - Important (Office 2007, Office 2010, Office 2008 for Mac, Office 2007 Compatibility Pack, PowerPoint Viewer 2007): More remote code execution vulnerabilities, this time with PowerPoint. Again, patch ASAP since PowerPoint is so common. MS11-095/KB2640045 - Important (XP, 2003, Vista, W7, 2003, 2008, 2008 R2): A variety of Active Directory related technologies (Active Directory itself, AGAM, and AD LDS) have vulnerabilities with how they handle data, allowing an attacker to access them with an application that can perform remote code execution attacks. The attacker needs to be able to log on to Active Directory, which reduces the impact a good bit. You should install this patch on your normal patch cycle. MS11-096/KB2640241 - Important (Office 2003, Office 2004 for Mac): More remote code execution vulnerabilities, this time with Excel files. Install this patch as soon as you can. MS11-097/KB2620712 - Important (XP, Vista, W7, 2003, 2008, 2008 R2): An issue with the Windows client/server run-time can allow a logged-on user to run an attack application to escalate privileges locally. This is a lower priority issue, and the patch can wait until your normal time. MS11-098/KB2633171 - Important (XP, Vista, W7, 2003, 2008): This bug is a bit unique, in that it affects only 32-bit versions of Windows. In this case, a vulnerability allows a locally logged-on user to run an application and get higher level privileges. Install the patch on your usual cycle. MS11-099/KB2618444 - Low to Important (IE6, IE7, IE8, IE9): This is a cumulative update for Internet Explorer, fixing three vulnerabilities. None of the exploits it fixes are absolutely horrible, but you will want to patch it immediately since you can be sure that folks will try to exploit them as soon as they can. Warning: There is a known issue with this patch, where doing a "Select All" in one page and then trying to paste back into IE will cause it to not work.

Other Updates

KB2633952 - Daylight Savings Time update.

"The Usual Suspects": Updates to the Malicious Software Removal Tool (14.7 - 15.1MB) and the Junk Email Filter (2.1MB).

Changed, but not significantly: None.

Updates since the last Patch Tuesday

There were no security updates released out-of-band.

Minor items added or updated since the last Patch Tuesday:

KB931125 - Root certificate update KB2641690 - Update to prevent spoofing through fraudulent certificates

Changed, but not significantly: None.