Home Home Tech December Patch Tuesday: 3 bulletins critical, 4 important

December Patch Tuesday: 3 bulletins critical, 4 important

Microsoft's security bulletins for December affect all currently supported versions of Windows.

This month's critical vulnerabilities were found in DirectX, Windows Media Format Runtime, and Internet Explorer. All three have the potential to allow remote code execution.

The DirectX issue is a longstanding one, affecting all currently supported versions of Windows (from 2000 to Vista) and versions 7.0, 8.1, 9.0c and 10.0 of DirectX itself. A maliciously crafted streaming media file can trigger the execution of code delivered within the media. It appears to be related to a DirectShow vulnerability that was patched in 2005.

The Windows Media vulnerability also involves code execution triggered by a maliciously crafted file.

The Internet Explorer update patches four vulnerabilities, the most serious of which allows remote code execution when visiting a maliciously crafted web page.

The effects of all the above issues is reduced if the user does not have administrative rights.

THe remaining vulnerabilities addressed this month all have a maximum rating of Important.

Vista's gets an updated kernel to overcome a privilege escalation vulnerability plus a patch for SMBv2 to block a remote code execution issue. Windows 2000 and XP get a fix for a vulnerability in the Message Queueing Service.

Finally, the previously disclosed Macrovision SECDRV.SYS vulnerability allowing privilege escalation under XP and Server 2003 has been fixed.

The usual updates for the Malicious Software Removal Tool and the Windows Mail Junk E-mail Filter were also issued.

Non-security items released include an XP patch that improves the performance of web sites using AJAX, a Daylight Saving Time update, and bug fixes for Windows Live Writer.


Did you know: 1 in 10 mobile services in Australia use an MVNO, as more consumers are turning away from the big 3 providers?

The Australian mobile landscape is changing, and you can take advantage of it.

Any business can grow its brand (and revenue) by adding mobile services to their product range.

From telcos to supermarkets, see who’s found success and learn how they did it in the free report ‘Rise of the MVNOs’.

This free report shows you how to become a successful MVNO:

· Track recent MVNO market trends
· See who’s found success with mobile
· Find out the secret to how they did it
· Learn how to launch your own MVNO service


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.