Microsoft seems to have the Christmas giving spirit this month, as they intend to release 14 new security bulletins during next Tuesday’s Patch Day. The bulletins fix a total of 20 security vulnerabilities in products like Windows, Office, and Internet Explorer, as well as other components that ship with those products. They rate three of the bulletins as Critical, and the rest as Important, and you can expect most of the updates to require a restart.
Of particular note; one of the bulletins will fix the zero day Windows kernel vulnerability used by the well publicized Duqu malware, which we described in a previous post.
You can find a bit more about these upcoming bulletins, including their order of severity, in Microsoft’s Advanced Notification post for December. As usual, I recommend you try to install these updates as quickly as possible, especially the Critical ones. I also recommend you test Microsoft patches before deploying them, mostly when applying them to production servers.
I’ll know more about these bulletins on Tuesday, December 13. Check out the WatchGuard Security Center then for our latest updates. — Corey Nachreiner, CISSP (@SecAdept)