Patch Tuesday: Microsoft Releases 13 Security Updates for December

security  Yesterday, Microsoft released  13 security updates as part of the monthly patch Tuesday cycle to close 19 vulnerabilities found in their Windows, Office, Internet Explorer and Media Player/Media Center software.

Although they had planned to release 14 patches, the release of one of the updates had to be delayed. The patch in question was intended to close a vulnerability found in the SSL 3.0 and TLS 1.0 and the reason given for delaying the update was that they found an incompatibility during third party tests. The update will be released once the incompatibility issues are addressed properly.

Now coming back to the released updates, three are rated critical and the rest are marked important. All of the critical rated updates patch vulnerabilities that enable Remote Code Execution. A note-worthy update here is the MS11-087, which fixes the bug used by the infamous Duqu worm. Microsoft had earlier released a temporary workaround for this bug along with last month’s security bulletins which simply denied access to the vulnerable T2EMBED.DLL file.

The other updates are for vulnerabilities that enable Remote Code Execution as well as Elevation of Privilege. You can find more details on each of the updates here.

Microsoft has also released a Deployment Priority Guidance to assist customers in deploying the updates which is shown below.

7343.2011-12 dep

Make sure that you install these updates as soon as possible in order to make your system less susceptible to attacks.

Published by

Nithin Ramesh

Nithin is a blogger and a Windows security enthusiast. He is currently pursuing Bachelors in Electronics and Communication. Apart from technology his other interests include reading and rock music. His Twitter handle is @nithinr6