As 2014 comes to a close, the last Patch Tuesday is upon us. December’s patches are not as huge as last month’s, but there are still seven bulletins announced; three are critical and four are important. The critical patches include one for Internet Explorer, one for Office and one for Windows itself. All are likely to address remote code vulnerabilities that make them susceptible to hacking.
There has been a steady stream of Critical Cumulative security updates to Internet Explorer. This will likely become a regular thing as hackers are increasingly taking aim at browser vulnerabilities. There are two updates for Microsoft Windows; the critical update prevents remote code execution, the Important update addresses an information disclosure vulnerability. There are three updates for Microsoft Office, including one critical. All three Office updates resolve vulnerabilities that could allow remote code execution.
All versions of Microsoft Windows, Office, and Internet Explorer are believed to be affected by remote code execution vulnerabilities. Hopefully, this Patch Tuesday, these vulnerabilities will be fixed until a new patch will need to be released to address a new threat. Those with automatic updates enabled should receive these updates automatically, although a system reboot will be required for the updates to be applied. These updates roll out December 9th.