Links
December Patch Tuesday
Microsoft has released 8 new patches resolving 6 critical and 2 important vulnerabilities found in its various products. The vulnerability for the Visual Basic 6.0 ActiveX Control has publicly available exploit code, so it should be patched as soon as possible. The products with critical severity vulnerabilities include:
- GDI
- Windows Search
- Internet Explorer
- Visual Basic 6.0 Runtime Extended Files (ActiveX Controls)
- Microsoft Office Word
- Microsoft Office Excel
The important severity vulnerabilities affect the following products:
- Microsoft Office SharePoint Server
- Windows Media Components
Gladiator recommends that institutions follow their standard patching cycles to roll out these updates. The Visual Basic 6.0 ActiveX Control patch should be pushed out as soon as possible to affected systems. Be sure to test the patch on one system before pushing it to all servers. Microsoft has rated many of these vulnerabilities with an exploitability index of 1, meaning consistent exploit code is likely. Refer to the Microsoft bulletin bellow for further details.
Related Links:
- Microsoft Security Bulletin for December 2008 (http://www.microsoft.com/technet/security/bulletin/MS08-dec.mspx?pubDate=2008-12-09)
- SANS ISC Diary Entry (http://isc.sans.org/diary.html?storyid=5449)
- Security Focus Article (http://www.securityfocus.com/brief/868)