Microsoft's Security Bulletin for December 2011 includes 13 bulletins addressing 17 vulnerabilities. Three of the bulletins are rated "critical": MS11-087, MS11-090, and MS11-092 and the rest are "important". This month many of the patches relate to vulnerabilities with known exploits likely available in the wild, so it is essential that organizations prioritize patching as soon as possible.
Microsoft reports that the exploit code for the “critical” MS11-087 and MS11-092 is likely to be in the wild. This comes as no surprise with MS11-087, which addresses the much publicized zero-day vulnerability related to the malicious Duqu worm. The vulnerability is in Windows kernel-mode drivers and could allow remote code execution. Microsoft previously released a workaround for this as a part of Microsoft Security Advisory #2639658, so organizations applying patch MS11-087 need to also undo the workaround if it was deployed.
MS11-092 is a vulnerability in Windows Media player and Media Center, which an attacker could use to phish a victim into visiting a site or opening a file on their site. Microsoft also reports that there is likely already exploit code available for this vulnerability.
This month, there are a couple of updates related to Internet Explorer. MS11-092 is an Active-X bug that exploits a user when they visit a webpage with Internet Explorer. MS11-099 is a cumulative security update for Internet Explorer. Browser updates always get my attention because browsers are on the front line in the security battle. As we approach the end of the year, organizations should be thinking about bringing in the new year by upgrading their legacy browsers and upgrading to Internet Explorer 9.
There are several bulletins related to Microsoft Office Suite and applications related to it such as Powerpoint, Publisher, and Excel. MS11-094, related to Powerpoint, is like to have exploit code in the wild.
According to the 80/20 rule, 20% of your vulnerabilities will likely cause 80% of your security risk. I see Microsoft getting the number of critical bulletins way down, but at the same time those criticals could be responsible for mass compromises and included in mass malware packs.
This is a month where Microsoft patched a wide variety of vulnerabilities so organizations need to test and patch the “critical” ones as soon as possible, and prioritize the “importants” by which ones have exploit code available, and which ones allow remote code execution.