Six updates on Microsoft's December Patch Tuesday

Microsoft's monthly patch release day is coming up on Tuesday of next week. The company has announced six updates for December. Five of the security updates are Windows related and close at least one hole categorised as critical. Another update is intended to remove vulnerabilities from Microsoft's Visual Studio, including one critical hole. Several of the patches require a reboot of the computer following installation.

Because generally Microsoft provides no advance information about the vulnerabilities being fixed, security experts are left to speculate. The critical Visual Studio bug could involve the defective WMI-Object-Broker ActiveX module, a security hole first publicised more than a month ago. Ever since then, attackers have been attempting to exploit the hole using specially prepared websites.

The Redmond crew is also investigating a vulnerability in Media Player through which manipulated ASX playlists, particular when embedded into websites, can be used to smuggle malicious code onto the victims computers. It's possible that a patch has already been prepared for this coming Tuesday--when it comes to leaky DRM components, the developers have shown a knack for producing updated versions quickly. The vulnerability in Word, Microsoft's word processing software, seems likely to remain unplugged for yet another month, given that Microsoft did not mention any updates for the Office suite.

Beyond the security updates, the software giant seems prepared to release four other non-security related updates via Windows Update and SUS. As many as ten updates of that kind may in fact be distributed via Microsoft Update and WSUS. An updated version of the Malicious Software Removal Tools will also be installed onto computers on patch day.

See also:

• Microsoft Security Bulletin Advance Notification, Patch Tuesday announcement from Microsoft

(trk)