Home Home Tech December Patch Tuesday: 3 bulletins critical, 4 important
Microsoft's security bulletins for December affect all currently supported versions of Windows.

This month's critical vulnerabilities were found in DirectX, Windows Media Format Runtime, and Internet Explorer. All three have the potential to allow remote code execution.

The DirectX issue is a longstanding one, affecting all currently supported versions of Windows (from 2000 to Vista) and versions 7.0, 8.1, 9.0c and 10.0 of DirectX itself. A maliciously crafted streaming media file can trigger the execution of code delivered within the media. It appears to be related to a DirectShow vulnerability that was patched in 2005.

The Windows Media vulnerability also involves code execution triggered by a maliciously crafted file.

The Internet Explorer update patches four vulnerabilities, the most serious of which allows remote code execution when visiting a maliciously crafted web page.

The effects of all the above issues is reduced if the user does not have administrative rights.

THe remaining vulnerabilities addressed this month all have a maximum rating of Important.

Vista's gets an updated kernel to overcome a privilege escalation vulnerability plus a patch for SMBv2 to block a remote code execution issue. Windows 2000 and XP get a fix for a vulnerability in the Message Queueing Service.

Finally, the previously disclosed Macrovision SECDRV.SYS vulnerability allowing privilege escalation under XP and Server 2003 has been fixed.

The usual updates for the Malicious Software Removal Tool and the Windows Mail Junk E-mail Filter were also issued.

Non-security items released include an XP patch that improves the performance of web sites using AJAX, a Daylight Saving Time update, and bug fixes for Windows Live Writer.


Site24x7 Seminars

Deliver Better User Experience in Today's Era of Digital Transformation

Some IT problems are better solved from the cloud

Join us as we discuss how DevOps in combination with AIOps can assure a seamless user experience, and assist you in monitoring all your individual IT components—including your websites, services, network infrastructure, and private or public clouds—from a single, cloud-based dashboard.

Sydney 7th May 2019

Melbourne 09 May 2019

Don’t miss out! Register Today!



Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.


Popular News




Guest Opinion


Sponsored News