I started this some time ago and will continue to post this just for information.
First, for December we’re releasing 17 updates addressing 40 vulnerabilities in Microsoft Windows, Office, Internet Explorer, SharePoint and Exchange. Of the 17, two bulletins are rated Critical, 14 are rated Important, and one is rated Moderate. As always, we recommend that customers review the ANS summary page for more information and prepare for the testing and deployment of these bulletins as soon as possible.
Back to this month’s bulletins. We’re addressing two issues this month that have attracted interest recently. First, we will be closing the last Stuxnet-related issues this month. This is a local Elevation of Privilege vulnerability and we’ve seen no evidence of its use in active exploits aside from the Stuxnet malware. We’re also addressing the Internet Explorer vulnerability described in Security Advisory 2458511. Over the past month, Microsoft and our MAPP partners actively monitored the threat landscape surrounding this vulnerability and the total number of exploit attempts we monitored remained pretty low. Furthermore, customers running Internet Explorer 8 remained protected by default due to the extra protection provided by Data Execution Prevention (DEP). On that note, I want to point you to a new post on the Security Research & Defense team blog describing the effectiveness of DEP and ASLR against the types of exploits we see in the wild today.