Microsoft released seventeen (17) bulletins addressing forty (40) vulnerabilities in Microsoft Windows, Office, Internet Explorer, SharePoint Server and Exchange. Two (2) of those bulletins carry a Critical rating, while fourteen (14) are rated Important and one is rated Moderate.
A complete description of all the bulletins is available in the TechNet Bulletin Summary linked below. The bulletin that closes out the last known vulnerability exploited by the Stuxnet malware is MS10-092.
Following is the description from the MSRC Blog of the two critical bulletins:
- MS10-090 This bulletin resolves seven issues -- five Critical, two Moderate -- affecting all supported versions of Internet Explorer, on both Windows clients and Windows servers. Among its other updates, it addresses a vulnerability previously described in Security Advisory 2458511.
- MS10-091 This bulletin is Critical and addresses three vulnerabilities in Windows' OpenType Font driver. All three issues were privately reported and we are not aware of any active attacks using them.
Microsoft also released an updated Malicious Software Removal Tool this month.
For complete details, see the references listed below.
- MSRC: December 2010 Security Bulletin Release
- TechNet: Microsoft Security Bulletin Summary for December 2010
Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Updates, Vulnerabilities, Information,