It’s Microsoft Patch Tuesday! In the December edition there are 7 updates; three are marked "Critical" and four are rated "Important". A total of 25 vulnerabilities were fixed over 7 bulletins this month. One of the Critical update MS14-080 is an all version Internet Explorer (IE 6 to 11) patch. This single update resolves 14 CVE's (Common Vulnerability and Exposure).
Here is a list of Security bulletins which were rolled out in today's Patch Tuesday release.
Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege(3009712)
Cumulative Security Update for Internet Explorer(3008923)
Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution(3017301)
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution(3017349)
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution(3017347)
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution(3016711)
Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure(3013126)
Tracking Microsoft Vulnerability Patches 2014
As shown in the chart above, number of vulnerabilities which were patched this month is same as that of last month. Looking back, in 2014 Microsoft rolled out total of 83 updates addressing 341 number of vulnerabilities. Internet Explorer continued to be the most vulnerable of all microsoft products and received highest number of patches this year. As we do every month, we’ve released a signature update #2449 to address vulnerabilities fixed in this month's patches.