December 2010 Patch Tuesday Overview
Microsoft has released 17 new security bulletins addressing 40 vulnerabilities in the December 2010 edition of patch Tuesday. This is yet another record breaking month for the number of security bulletins released at one time; although, only two of the bulletins are rated as critical.
The first bulletin that needs to be addressed is MS10-090. This bulletin addresses 7 vulnerabilities in Internet Explorer. One of the vulnerabilities, as explained in Microsoft Security Advisory 2458511, is being actively exploited in the wild. Over the weekend, Microsoft saw an uptick in attacks against the vulnerability. These attacks are primarily being conducted against Internet Explorer users in China and Korea. With any security bulletin that is being actively attacked, it is critical that you deploy this to your network immediately.
The second bulletin that should be addressed immediately is MS10-091. This bulletin addresses and issue with the OpenType Font Driver. If a shared folder that contains a malicious OpenType font file is viewed, an attacker could run code in the Windows kernel. In order for a successful exploit, an attacker must convince a user to open a share that contains a malicious OpenType font file. If the folder has thumbnail view set, no user interaction is required for a successful exploit. If the folder has any other folder view set (such as detail), the user must open the malicious file to be exploited.
Five of the bulletins released today address a common issue, but each bulletin affects different components. All five bulletins (MS10-093, MS10-094, MS10-095, MS10-096, and MS10-097) address the Insecure Library Loading issue identified in August by Microsoft. This issue was detailed in Microsoft Security Advisory 2269637. At the time of the release of the advisory, Microsoft announced that patches would be coming for any affected products they found. It is not surprising these 5 bulletins were released. Products that are affected by this vulnerability are still being found by Microsoft.
If you have applied the workaround detailed in the Microsoft knowledge base article 2264107, machines on your network cannot be attacked by this vulnerability. It is still important though to apply any security patches vendors release.
This is the time of the year where maintenance windows may be tight due to the holidays, vacations and office closures. With 17 bulletins, take the time to thoroughly review each bulletin and identify which bulletins require your immediate attention.
- Jason Miller