Patch Tuesday Analysis for December 2011
Thirteen Security Bulletins were released today, one less than expected. The missing one is related to security advisory 2588513; Microsoft offers some advice on how to deal with that while waiting. Here are some highlights of today's releases:
MS11-087 is rated critical for all supported versions of Windows. Since exploit details are public and the vulnerability is presently being exploited, we recommend accelerated testing and deployment of this patch.
MS11-092 patches a vulnerability in Media Player in which the attacker convinces a user to open a specially crafted .dvr-ms file. How quickly this patch should be deployed depends on your users' habits, and video viewing will no doubt continue to increase.
MS11-090 is a cumulative update for ActiveX. The kill bits it sets prevent the affected ActiveX controls from running. All but one of these are for third-party software.
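To see which controls a kill-bit update like MS11-090 has actually disabled on a given machine, the following PowerShell snippet (an added example, not part of the original post) walks the ActiveX Compatibility keys that Internet Explorer consults before instantiating a control and reports every CLSID whose "Compatibility Flags" value carries the 0x400 kill bit. It assumes PowerShell 3.0 or later and read access to HKLM; the friendly-name lookup is best effort and returns nothing for controls that were never registered locally.

```powershell
# Added example, not from the original post: audit which ActiveX controls
# currently carry the kill bit on this machine.
# The kill bit is the 0x400 flag in the "Compatibility Flags" DWORD stored
# under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}.
# On 64-bit Windows the 32-bit IE process reads the Wow6432Node copy, so both
# hives are checked.
$killBit = 0x400
$bases = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

$results = foreach ($base in $bases) {
    if (-not (Test-Path -Path $base)) { continue }
    Get-ChildItem -Path $base | ForEach-Object {
        $flags = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).'Compatibility Flags'
        if ($flags -and (($flags -band $killBit) -eq $killBit)) {
            $clsid = $_.PSChildName
            # Best-effort friendly name from HKCR; blank if the control is not registered here.
            $name = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid" `
                        -ErrorAction SilentlyContinue).'(default)'
            [PSCustomObject]@{
                Hive  = if ($base -like '*Wow6432Node*') { '32-bit' } else { 'native' }
                CLSID = $clsid
                Name  = $name
                Flags = ('0x{0:X}' -f $flags)
            }
        }
    }
}

$results | Sort-Object CLSID, Hive | Format-Table -AutoSize
"{0} kill-bitted CLSIDs found" -f @($results).Count
```

Run it before and after deploying MS11-090 and diff the CLSID lists; the new entries are the controls the bulletin disabled, which is useful when a line-of-business application depends on one of the third-party controls the bulletin covers.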
MS11-095 is offered only to systems with Active Directory services installed; Domain Controllers, for example, use this technology.
MS11-088 is a vulnerability in the Office 2010 IME (Chinese). An IME, or Input Method Editor, allows characters to be composed from keystrokes; some languages such as Chinese contain so many characters that it is not practical to have a key for each one. Only systems where an affected version of the Microsoft Pinyin (MSPY) Input Method Editor (IME) for Simplified Chinese has been installed are vulnerable.
MS11-091 addresses multiple vulnerabilities in Office Publisher, one of which is publicly disclosed.
With MS11-093 the vulnerability is in OLE (Object Linking and Embedding). Office products, for example, use this technology, and third-party software may use OLE as well. Servers are less exposed if best practice is followed.
Two vulnerabilities in PowerPoint are addressed in MS11-094. Not all service packs and versions are affected.
A record memory corruption vulnerability in Excel is corrected with MS11-096.
CSRSS is a component of all supported Windows systems, and patching it (MS11-097) will require a restart.
MS11-098, in the Windows kernel-mode drivers, affects only 32-bit systems.
MS11-099 is a cumulative update for Internet Explorer.
| Bulletin (KB) | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS11-089 (KB 2590602) | Arbitrary code / Office Word | Workstations, Terminal Servers | No/No | No | Important | Office 2010, Office 2011 for Mac | | Patch after testing |
| MS11-091 (KB 2607702) | Arbitrary code / Publisher | Workstations | Yes/No | No | Important | Office 2003, Office 2007 | Multiple vulnerabilities | Patch after testing |
| MS11-099 (KB 2618444) | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | No/No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Cumulative Update; Restart Req'd | Patch after testing |
| MS11-090 (KB 2618451) | Arbitrary code / ActiveX | Workstations, Terminal Servers | No/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Cumulative Update | Patch after testing |
| MS11-097 (KB 2620712) | Privilege elevation / Windows | Workstations, Servers | No/No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS11-093 (KB 2624667) | Arbitrary code / OLE | Workstations, Terminal Servers | No/No | No | Important | XP, Server 2003 | | Patch after testing |
| MS11-098 (KB 2633171) | Privilege elevation / Windows kernel mode drivers | Workstations, Terminal Servers | No/No | No | Important | XP, Vista, Server 2003, Server 2008, Windows 7 | Restart Req'd; 32-bit systems | Patch after testing |
| MS11-094 (KB 2639142) | Arbitrary code / PowerPoint | Workstations, Terminal Servers | No/No | No | Important | Office 2007, Office 2008 for Mac, Office Converter Pack, PowerPoint Viewer 2007, Office 2010 | Multiple vulnerabilities | Patch after testing |
| MS11-087 (KB 2639417) | Arbitrary code / Windows kernel mode drivers | Workstations, Servers | Yes/Yes | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after minimal testing |
| MS11-095 (KB 2640045) | Arbitrary code / Active Directory | Workstations, Servers, Domain Controllers | No/No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Only systems with AD services | Patch after testing |
| MS11-096 (KB 2640241) | Arbitrary code / Excel | Workstations, Terminal Servers | No/No | No | Important | Office 2003, Office 2004 for Mac | | Patch after testing |
| MS11-092 (KB 2648048) | Arbitrary code / Media player | Workstations | No/No | No | Critical | XP, Vista, Windows 7 | | Patch after testing |
| MS11-088 (KB 2652016) | Privilege elevation / Office | Workstations | No/No | No | Important | Office 2010 | IME (Chinese) | Patch after testing |
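The table's "Randy's recommendation" column is only useful once you know which of these bulletins a given box is still missing. The PowerShell script below is an added example (not part of the original post or Microsoft's tooling) that takes the Windows-platform bulletins from the table, checks the local machine with Get-HotFix, and surfaces the unpatched ones in priority order, with the publicly exploited MS11-087 first. It assumes PowerShell 3.0 or later and that the KB number listed beside each bulletin is the one Get-HotFix reports as HotFixID; for some bulletins the installed package carries a different KB, so confirm a "missing" result against the bulletin's own affected-software list before acting on it. Office bulletins (MS11-088, -089, -091, -094, -096) are deliberately excluded because Get-HotFix only sees Windows component updates, not Office updates.

```powershell
# Added example, not from the original post: report which of the December 2011
# Windows-platform bulletins from the table above are missing on this machine.
# Assumption: the bulletin's KB number is the HotFixID that Get-HotFix reports;
# where a package uses a different KB, verify against the bulletin before acting.
$bulletins = @(
    @{ Bulletin = 'MS11-087'; KB = 'KB2639417'; Severity = 'Critical';  Exploited = $true;  Restart = $true;  Recommendation = 'Patch after minimal testing' }
    @{ Bulletin = 'MS11-090'; KB = 'KB2618451'; Severity = 'Critical';  Exploited = $false; Restart = $false; Recommendation = 'Patch after testing' }
    @{ Bulletin = 'MS11-092'; KB = 'KB2648048'; Severity = 'Critical';  Exploited = $false; Restart = $false; Recommendation = 'Patch after testing' }
    @{ Bulletin = 'MS11-093'; KB = 'KB2624667'; Severity = 'Important'; Exploited = $false; Restart = $false; Recommendation = 'Patch after testing' }
    @{ Bulletin = 'MS11-095'; KB = 'KB2640045'; Severity = 'Important'; Exploited = $false; Restart = $false; Recommendation = 'Patch after testing' }
    @{ Bulletin = 'MS11-097'; KB = 'KB2620712'; Severity = 'Important'; Exploited = $false; Restart = $true;  Recommendation = 'Patch after testing' }
    @{ Bulletin = 'MS11-098'; KB = 'KB2633171'; Severity = 'Important'; Exploited = $false; Restart = $true;  Recommendation = 'Patch after testing' }
    @{ Bulletin = 'MS11-099'; KB = 'KB2618444'; Severity = 'Important'; Exploited = $false; Restart = $true;  Recommendation = 'Patch after testing' }
)

# Installed Windows updates as reported by Win32_QuickFixEngineering.
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID

# MS11-098 only applies to 32-bit systems (see the table), so treat it as
# not applicable rather than missing on 64-bit hosts.
$is64 = [Environment]::Is64BitOperatingSystem

$report = foreach ($b in $bulletins) {
    $applies = -not ($b.Bulletin -eq 'MS11-098' -and $is64)
    [PSCustomObject]@{
        Bulletin       = $b.Bulletin
        KB             = $b.KB
        Severity       = $b.Severity
        Exploited      = $b.Exploited
        RestartReqd    = $b.Restart
        Status         = if (-not $applies) { 'N/A (64-bit)' }
                         elseif ($installed -contains $b.KB) { 'Installed' }
                         else { 'MISSING' }
        Recommendation = $b.Recommendation
    }
}

# Exploited-in-the-wild first, then Critical before Important, then by bulletin id.
$ordered = $report | Sort-Object `
    @{ Expression = 'Exploited'; Descending = $true },
    @{ Expression = { if ($_.Severity -eq 'Critical') { 0 } else { 1 } } },
    Bulletin

$ordered | Format-Table -AutoSize

$missing = @($ordered | Where-Object { $_.Status -eq 'MISSING' })
if ($missing.Count -eq 0) {
    'All applicable December 2011 Windows bulletins are installed.'
} else {
    'Missing: ' + (($missing | ForEach-Object { $_.Bulletin }) -join ', ')
    if ($missing | Where-Object { $_.RestartReqd }) {
        'At least one missing bulletin requires a restart; schedule accordingly.'
    }
}
```

Point the script at a list of hosts with Invoke-Command to get the same view across a fleet; the sort order mirrors the column logic in the table, so the first MISSING row is the one to deal with first.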