Microsoft Security Bulletin Advance Notification for December 2010

[ronjor]

Quote:

Published: December 09, 2010

Microsoft Security Bulletin Advance Notification issued: December 9, 2010
Microsoft Security Bulletins to be issued: December 14, 2010

This is an advance notification of security bulletins that Microsoft is intending to release on December 14, 2010.

This bulletin advance notification will be replaced with the December bulletin summary on December 14, 2010. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications.

Microsoft will host a webcast to address customer questions on the security bulletins on December 15, 2010, at 11:00 AM Pacific Time (US & Canada). Register now for the December Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

Microsoft

[MikeBCda]

Ron, I know you post this quote of the advance notification every month, but does it really serve any purpose other than as a reminder that Patch Tuesday is approaching? There's never anything resembling details in it, not even a guess as to how many updates there'll be for a typical system.

[ronjor]

Hi Mike,

Please look under executive summaries at the link for all the patch info.

[MikeBCda]

Thanks, Ron, I hadn't actually followed the link before.

For any given user, the Affected Software section might be even more useful -- looks like there'll be 7 for my XP SP3.

[Searching_ _ _]

Microsoft to Plug Critical IE and Final Stuxnet Holes

Quote:

Microsoft said today that next week's Patch Tuesday will bring 17 updates plugging 40 holes and featuring two rated "critical," including one in Internet Explorer that was targeted in attacks last month.
The critical IE vulnerability was written for IE 6 and 7 but IE 8 is also vulnerable, Microsoft said when it issued a warning about it in November.
Also fixed on Tuesday will be the final of four holes in Windows that the Stuxnet malware used.
"This is a local Elevation of Privilege vulnerability and we've seen no evidence of its use in active exploits aside from the Stuxnet malware," Mike Reavey, director of the Microsoft Security Response Center, said in a blog post.

Microsoft to Plug Critical IE and Final Stuxnet Holes - CNET

[ronjor]

Quote:

Assessing the risk of the December security updates

swiblog
14 Dec 2010 10:01 AM


Today we released seventeen security bulletins. Two have a maximum severity rating of Critical, fourteen have a maximum severity rating of Important, and one has a maximum severity rating of Moderate. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Microsoft

[JRViejo]

Quote:

Microsoft today patched 40 vulnerabilities in Windows, Internet Explorer (IE), Office, SharePoint and Exchange, including nine pegged "critical."

Five of the 17 security updates -- Microsoft calls them "bulletins" -- fixed long-standing flaws that could be used by attackers to plant malware on a PC by tricking Windows into thinking a malicious DLL (dynamic link library) was actually a legitimate part of the OS.

Only two of the 17 updates were judged critical, Microsoft's top-most threat ranking in its four-step scoring system. Another 14 were marked "important," the second-highest rating, while the remaining update was labeled "moderate."

Microsoft's holiday bonus: Fixes for 40 flaws by Gregg Keizer.

Anyone noticed after applying the updates in Win 7 all optional updates are gone? They aren't hidden but the "tab" in the GUI is simply missing.

[JRViejo]

Quote:

Microsoft last week pulled an update for Outlook 2007 issued just two days earlier, citing connection and performance problems for the unusual move.

The update was issued mid-day on Dec. 14 as part of the monthly Patch Tuesday. Within hours, users reported trouble with retrieving e-mail and major delays when switching folders.

"This latest update results in Outlook 2007 being very slow in changing folders and the archiving functionality appears to have been removed," said someone identified as "alspar" on a Microsoft support forum early Wednesday morning. "Is this an error or by design?"

Others said they couldn't send or receive e-mail, including Gmail messages, through Outlook after installing the update.

Microsoft yanks Outlook 2007 update by Gregg Keizer.

[prius04]

Quote:

Originally Posted by JRViejo

Microsoft yanks Outlook 2007 update by Gregg Keizer.

Thank you, JR!! Disabling add-ins, changing my AV/Firewall settings, and the like, in an effort to rectify the slowdown on two machines was getting tiresome. Simply uninstalled KB2412171 and, voila, fixed!

[JRViejo]

prius04, you're welcome! Take care.